Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10746
HistoryJan 19, 2016 - 12:00 a.m.

KLA10746 Multiple vulnerabilities in PHP

2016-01-1900:00:00
Kaspersky Lab
threats.kaspersky.com
233

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.4%

JSON

Detect date:

01/19/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information.

Affected products:

PHP 7 versions earlier than 7.0.2
PHP 5.6 versions earlier than 5.6.17
PHP versions earlier than 5.5.31

Solution:

Update to the latest version
Get PHP

Impacts:

ACE

Related products:

PHP

CVE-IDS:

CVE-2016-19047.5Critical
CVE-2016-19036.4High
CVE-2015-86167.5Critical
CVE-2015-68367.5Critical
CVE-2015-68335.0Warning
CVE-2015-68327.5Critical
CVE-2015-68317.5Critical
CVE-2015-65277.5Critical
CVE-2015-55907.5Critical

Related

kaspersky 1
openvas 43
nessus 53
freebsd 3
amazon 7
archlinux 1
f5 6
ubuntu 3
suse 4
osv 4
veracode 11
redhat 1
debian 5
cve 10
hackerone 5
ubuntucve 9
prion 10
debiancve 3
openwrt 3
mageia 3
redhatcve 1
fedora 4
securityvulns 4
ibm 1
slackware 2
thn 1
gentoo 1
kaspersky
kaspersky
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00
openvas
openvas
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Windows
2016-03-01 00:00:00
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Linux
2016-03-01 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-585)
2015-09-08 00:00:00
nessus
nessus
FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)
2015-08-18 00:00:00
Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)
2015-08-18 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)
2015-08-18 00:00:00
freebsd
freebsd
php5 -- multiple vulnerabilities
2015-08-06 00:00:00
php-phar -- multiple vulnerabilities
2015-06-24 00:00:00
php -- multiple vulnerabilities
2015-09-03 00:00:00
amazon
amazon
Medium: php54
2015-08-17 12:39:00
Medium: php56
2015-08-17 12:46:00
Medium: php55
2015-08-17 12:41:00
archlinux
archlinux
php: multiple issues
2016-01-14 00:00:00
f5
f5
SOL59722044 - PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
2016-03-07 00:00:00
K59722044 : PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
2016-03-08 00:00:00
K71059632 : PHP vulnerability CVE-2015-8616
2016-05-04 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
PHP regression
2016-04-27 00:00:00
PHP vulnerabilities
2016-04-21 00:00:00
suse
suse
Security update for php53 (important)
2015-10-26 15:09:54
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
osv
osv
php5 - security update
2015-08-27 00:00:00
php5 - security update
2015-11-08 00:00:00
CVE-2016-4473
2017-06-08 20:29:00
veracode
veracode
Use After Free
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
Use-After-Free
2019-05-02 05:27:42
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
debian
debian
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
cve
cve
CVE-2015-6832
2016-01-19 05:59:00
CVE-2015-6527
2016-01-19 05:59:00
CVE-2015-6833
2016-01-19 05:59:00
hackerone
hackerone
Internet Bug Bounty: Dangling pointer in the unserialization of ArrayObject items
2015-07-13 00:00:00
Internet Bug Bounty: Arbitrary code execution in str_ireplace function
2015-07-26 00:00:00
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
2015-07-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-6833
2015-08-27 00:00:00
CVE-2015-6832
2015-08-27 00:00:00
CVE-2016-1903
2016-01-19 00:00:00
prion
prion
Design/Logic Flaw
2016-01-19 05:59:00
Design/Logic Flaw
2016-01-19 05:59:00
Directory traversal
2016-01-19 05:59:00
debiancve
debiancve
CVE-2016-1903
2016-01-19 05:59:00
CVE-2015-8616
2016-01-19 05:59:00
CVE-2016-1904
2016-01-19 05:59:00
openwrt
openwrt
php: Security update (CVE-2016-1903)
2016-01-28 12:25:14
prosody: Security update (2 CVEs)
2016-01-28 12:25:32
php: Security update (7 CVEs)
2016-01-28 12:23:45
mageia
mageia
Updated php packages fix security vulnerability
2016-01-17 03:26:26
Updated php package fixes security vulnerabilities
2015-07-23 12:39:14
Updated php packages fix security vulnerabilities
2015-09-14 00:58:30
redhatcve
redhatcve
CVE-2016-4473
2016-08-22 20:48:41
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.11-1.fc21
2015-07-29 01:58:13
[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22
2015-09-14 23:22:46
[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21
2015-09-14 22:23:26
securityvulns
securityvulns
PHP security vulnerabilities
2015-08-31 00:00:00
[SECURITY] [DSA 3344-1] php5 security update
2015-08-31 00:00:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-15 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
2018-06-18 01:31:31
slackware
slackware
[slackware-security] php
2016-02-04 00:07:13
[slackware-security] php
2015-10-01 21:35:28
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.4%

JSON
Related for KLA10746
kaspersky1openvas43nessus53freebsd3amazon7archlinux1f56ubuntu3suse4osv4veracode11redhat1debian5cve10hackerone5ubuntucve9prion10debiancve3openwrt3mageia3redhatcve1fedora4securityvulns4ibm1slackware2thn1gentoo1