Lucene search

Veracode Vulnerability DatabaseVERACODE:19302

HistoryMay 16, 2019 - 2:59 a.m.

Denial Of Service (DoS)

2019-05-1602:59:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.012 Low

EPSS

Percentile

85.2%

JSON

PHP is vulnerable to denial of service(DoS) attacks. This is because an invalid free in the WDDX deserialization of boolean parameters. An attacker could inject XML for deserialization to crash the PHP interpreter which occurs in ext/wddx/wddx.c file.

CPENameOperatorVersion
rh-php70-phpeq7.0.10__2.el7
rh-php70-phpeq7.0.10__2.el6
rh-php70-phpeq7.0.10__2.el7
rh-php70-phpeq7.0.10__2.el6

Name	Operator	Version
rh-php70-php	eq	7.0.10__2.el7
rh-php70-php	eq	7.0.10__2.el6
rh-php70-php	eq	7.0.10__2.el7
rh-php70-php	eq	7.0.10__2.el6

References

openwall.com/lists/oss-security/2017/07/10/6

php.net/ChangeLog-5.php

www.securityfocus.com/bid/99553

access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php

access.redhat.com/errata/RHSA-2018:1296

access.redhat.com/security/updates/classification/#moderate

bugs.php.net/bug.php?id=74145

git.php.net/?p=php-src.git;a=commit;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7

security.netapp.com/advisory/ntap-20180112-0001/

www.debian.org/security/2018/dsa-4081

www.tenable.com/security/tns-2017-12

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for VERACODE:19302