Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:AC122BBB1C923E6A927A15638529B33B
HistoryMar 17, 2017 - 12:00 a.m.

Multiple PHP vulnerabilities | Cloud Foundry

2017-03-1700:00:00
Cloud Foundry
www.cloudfoundry.org
54

0.582 Medium

EPSS

Percentile

97.8%

JSON

Severity

Medium

Vendor

PHP

Versions Affected

  • Cloud Foundry PHP buildpack versions prior to 4.3.29
  • Note: The PHP buildpack is patched from upstream PHP source

Description

It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935)

It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160)

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • PHP Buildpack prior to version 4.3.29

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade the PHP Buildpack to v4.3.29 or later and restage all applications that use automated buildpack detection.

References

Related

openvas 34
ubuntu 3
nessus 45
gentoo 1
osv 12
debian 6
mageia 2
suse 5
amazon 4
slackware 2
ubuntucve 11
freebsd 1
thn 1
cvelist 10
cve 10
prion 10
redhatcve 8
checkpoint_advisories 3
nvd 10
kaspersky 3
debiancve 9
veracode 6
ibm 1
f5 1
hackerone 1
openvas
openvas
Ubuntu: Security Advisory (USN-3196-1)
2017-02-15 00:00:00
Debian: Security Advisory (DSA-3783-1)
2017-02-07 00:00:00
Debian Security Advisory DSA 3783-1 (php5 - security update)
2017-02-08 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2017-02-14 00:00:00
PHP regression
2017-03-02 00:00:00
PHP vulnerabilities
2017-02-23 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-3196-1)
2017-02-15 00:00:00
GLSA-201702-29 : PHP: Multiple vulnerabilities
2017-02-21 00:00:00
Debian DSA-3783-1 : php5 - security update
2017-02-09 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-02-21 00:00:00
osv
osv
php5 - security update
2017-02-08 00:00:00
php5 - security update
2017-02-07 00:00:00
php5 - security update
2017-03-28 00:00:00
debian
debian
[SECURITY] [DSA 3783-1] php5 security update
2017-02-09 02:28:30
[SECURITY] [DSA 3783-1] php5 security update
2017-02-09 02:28:30
[SECURITY] [DLA 818-1] php5 security update
2017-02-07 16:25:20
mageia
mageia
Updated php packages fix security vulnerabilities
2017-02-04 21:41:12
Updated php packages fix security vulnerability
2016-12-23 00:41:01
suse
suse
Security update for php53 (important)
2017-02-27 18:08:46
Security update for php5 (important)
2017-02-23 15:08:17
Security update for php7 (important)
2017-03-02 15:12:04
amazon
amazon
Medium: php56
2017-03-28 23:30:00
Medium: php70
2017-03-29 20:15:00
Medium: php56
2017-01-26 18:00:00
slackware
slackware
[slackware-security] php
2017-02-10 20:41:10
[slackware-security] php
2016-12-12 23:11:02
ubuntucve
ubuntucve
CVE-2016-7478
2017-01-11 00:00:00
CVE-2016-9138
2017-01-04 00:00:00
CVE-2016-9137
2017-01-04 00:00:00
freebsd
freebsd
PHP -- multiple vulnerabilities
2016-12-27 00:00:00
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00
cvelist
cvelist
CVE-2014-9912
2017-01-04 20:00:00
CVE-2016-10158
2017-01-24 21:00:00
CVE-2016-10159
2017-01-24 21:00:00
cve
cve
CVE-2016-9137
2017-01-04 20:59:00
CVE-2014-9912
2017-01-04 20:59:00
CVE-2016-10158
2017-01-24 21:59:00
prion
prion
Buffer overflow
2017-01-04 20:59:00
Design/Logic Flaw
2017-01-04 20:59:00
Integer overflow
2017-01-24 21:59:00
redhatcve
redhatcve
CVE-2016-9137
2016-11-02 11:47:15
CVE-2016-10158
2017-02-03 12:49:43
CVE-2016-7479
2017-01-12 15:17:50
checkpoint_advisories
checkpoint_advisories
PHP 7 Unserialization Exception Infinite Loop Denial of Service (CVE-2016-7478)
2016-10-18 00:00:00
PHP 7 Unserialization Malicious toString Remote Code Execution (CVE-2016-7479)
2016-10-18 00:00:00
PHP Multiple Function Stack Buffer Overflow (CVE-2015-3329; CVE-2016-10159)
2015-07-23 00:00:00
nvd
nvd
CVE-2014-9912
2017-01-04 20:59:00
CVE-2016-10159
2017-01-24 21:59:00
CVE-2016-9137
2017-01-04 20:59:00
kaspersky
kaspersky
KLA10931 Denial of service vulnerability in PHP
2017-01-04 00:00:00
KLA10930 Denial of service vulnerability in PHP
2017-01-04 00:00:00
KLA10928 Denial of service vulnerabilities in PHP
2017-01-04 00:00:00
debiancve
debiancve
CVE-2016-10158
2017-01-24 21:59:00
CVE-2016-9137
2017-01-04 20:59:00
CVE-2016-10159
2017-01-24 21:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:08
Denial Of Service (DoS)
2019-05-16 02:59:57
Null Pointer Dereference
2019-05-16 02:59:58
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by a php5 vulnerability (CVE-2016-10158)
2018-06-18 01:35:37
f5
f5
K05918709 : PHP vulnerability CVE-2016-7479
2017-03-14 00:00:00
hackerone
hackerone
Internet Bug Bounty: Out of bounds memory read in unserialize()
2017-01-24 20:38:29

0.582 Medium

EPSS

Percentile

97.8%

JSON
Related for CFOUNDRY:AC122BBB1C923E6A927A15638529B33B
openvas34ubuntu3nessus45gentoo1osv12debian6mageia2suse5amazon4slackware2ubuntucve11freebsd1thn1cvelist10cve10prion10redhatcve8checkpoint_advisories3nvd10kaspersky3debiancve9veracode6ibm1f51hackerone1