Lucene search

K
nessusTenable6015.PRM
HistoryAug 23, 2011 - 12:00 a.m.

PHP 5.3.x < 5.3.7 Multiple Vulnerabilities

2011-08-2300:00:00
Tenable
www.tenable.com
123

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities :

  • A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

  • A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

  • A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

  • crypt_blowfish was updated to 1.2. (CVE-2011-2483)

  • Multiple null pointer dereferences exist.

  • An unspecified crash exists in error_log().

  • A buffer overflow vulnerability exists in crypt().

  • A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.

Binary data 6015.prm
VendorProductVersionCPE
phpphpcpe:/a:php:php

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%