Lucene search

K
kasperskyKaspersky LabKLA10514
HistoryMar 30, 2015 - 12:00 a.m.

KLA10514 Multiple vulnerabilities in PHP and plugins

2015-03-3000:00:00
Kaspersky Lab
threats.kaspersky.com
56

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.955 High

EPSS

Percentile

99.3%

Detect date:

03/30/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.

Affected products:

PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

Solution:

Update to the latest version
Get PHP

Original advisories:

PHP changelog

Impacts:

ACE

Related products:

PHP

CVE-IDS:

CVE-2015-27877.5Critical
CVE-2015-23485.0Critical
CVE-2015-23317.5Critical
CVE-2015-23017.5Critical
CVE-2015-13517.5Critical
CVE-2015-02737.5Critical
CVE-2014-97095.0Critical
CVE-2014-97057.5Critical
CVE-2014-96537.5Critical
CVE-2014-96525.0Critical

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.955 High

EPSS

Percentile

99.3%