Lucene search
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.ALA_ALAS-2016-728.NASLHistoryAug 02, 2016 - 12:00 a.m.
Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)
2016-08-0200:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
28
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
(CVE-2015-8874)
An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP’s gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted GD2 image.
(CVE-2016-5766)
An integer overflow, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP’s gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application, using gd via a specially crafted image buffer.
(CVE-2016-5767)
A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)
The mcrypt_generic() and mdecrypt_generic() functions are prone to integer overflows, resulting in a heap-based overflow. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5769)
A type confusion issue was found in the SPLFileObject fread() function. A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2016-5770)
A use-after-free vulnerability that can occur when calling unserialize() on untrusted input was discovered. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application if the application unserializes untrusted input. (CVE-2016-5771 , CVE-2016-5773)
A double free can occur in wddx_deserialize() when trying to deserialize malicious XML input from user’s request. This flaw could possibly cause a PHP application to crash. (CVE-2016-5772)
It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.
(CVE-2016-5385)
(Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but was not previously part of this errata)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-728.
#
include("compat.inc");
if (description)
{
script_id(92663);
script_version("2.9");
script_cvs_date("Date: 2018/04/18 15:09:36");
script_cve_id("CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773");
script_xref(name:"ALAS", value:"2016-728");
script_name(english:"Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"A stack consumption vulnerability in GD in PHP allows remote attackers
to cause a denial of service via a crafted imagefilltoborder call.
(CVE-2015-8874)
An integer overflow, leading to a heap-based buffer overflow was found
in the imagecreatefromgd2() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP
application, using gd via a specially crafted GD2 image.
(CVE-2016-5766)
An integer overflow, leading to a heap-based buffer overflow was found
in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
remote attacker could use this flaw to crash a PHP application or
execute arbitrary code with the privileges of the user running that
PHP application, using gd via a specially crafted image buffer.
(CVE-2016-5767)
A double free flaw was found in the mb_ereg_replace_callback()
function of php which is used to perform regex search. This flaw could
possibly cause a PHP application to crash. (CVE-2016-5768)
The mcrypt_generic() and mdecrypt_generic() functions are prone to
integer overflows, resulting in a heap-based overflow. A remote
attacker could use this flaw to crash a PHP application or execute
arbitrary code with the privileges of the user running that PHP
application. (CVE-2016-5769)
A type confusion issue was found in the SPLFileObject fread()
function. A remote attacker able to submit a specially crafted input
to a PHP application, which uses this function, could use this flaw to
execute arbitrary code with the privileges of the user running that
PHP application. (CVE-2016-5770)
A use-after-free vulnerability that can occur when calling
unserialize() on untrusted input was discovered. A remote attacker
could use this flaw to crash a PHP application or execute arbitrary
code with the privileges of the user running that PHP application if
the application unserializes untrusted input. (CVE-2016-5771 ,
CVE-2016-5773)
A double free can occur in wddx_deserialize() when trying to
deserialize malicious XML input from user's request. This flaw could
possibly cause a PHP application to crash. (CVE-2016-5772)
It was discovered that PHP did not properly protect against the
HTTP_PROXY variable name clash. A remote attacker could possibly use
this flaw to redirect HTTP requests performed by a PHP script to an
attacker-controlled proxy via a malicious HTTP request.
(CVE-2016-5385)
(Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but
was not previously part of this errata)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2016-728.html"
);
script_set_attribute(
attribute:"solution",
value:
"Run 'yum update php55' to update your system.
Run 'yum update php56' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"php55-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-cli-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-common-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-dba-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-devel-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-gd-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-imap-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-intl-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-process-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-recode-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-soap-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-xml-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.38-1.116.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-cli-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-common-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dba-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-devel-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gd-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-imap-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-intl-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-process-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-recode-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-soap-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xml-5.6.24-1.126.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.24-1.126.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | php55 | p-cpe:/a:amazon:linux:php55 |
| amazon | linux | php55-bcmath | p-cpe:/a:amazon:linux:php55-bcmath |
| amazon | linux | php56-fpm | p-cpe:/a:amazon:linux:php56-fpm |
| amazon | linux | php56-gd | p-cpe:/a:amazon:linux:php56-gd |
| amazon | linux | php56-gmp | p-cpe:/a:amazon:linux:php56-gmp |
| amazon | linux | php56-imap | p-cpe:/a:amazon:linux:php56-imap |
| amazon | linux | php56-intl | p-cpe:/a:amazon:linux:php56-intl |
| amazon | linux | php56-ldap | p-cpe:/a:amazon:linux:php56-ldap |
| amazon | linux | php56-mbstring | p-cpe:/a:amazon:linux:php56-mbstring |
| amazon | linux | php56-mcrypt | p-cpe:/a:amazon:linux:php56-mcrypt |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773
alas.aws.amazon.com/ALAS-2016-728.html
Related
nessus
nessus
PHP 5.5.x < 5.5.37 Multiple Vulnerabilities
2016-07-01 00:00:00
Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)
2016-06-27 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2016-06-23 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-728)
2016-10-26 00:00:00
Slackware: Security Advisory (SSA:2016-176-01)
2022-04-21 00:00:00
Fedora Update for php FEDORA-2016-34a6b65583
2016-07-10 00:00:00
amazon
amazon
Medium: php55, php56
2016-08-01 13:30:00
Medium: gd
2021-01-05 23:34:00
slackware
slackware
[slackware-security] php
2016-06-24 23:46:10
fedora
fedora
[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24
2016-07-02 15:45:25
[SECURITY] Fedora 23 Update: php-5.6.23-1.fc23
2016-07-02 19:34:49
[SECURITY] Fedora 22 Update: php-5.6.23-1.fc22
2016-07-02 19:28:47
suse
suse
Security update for php5 (important)
2016-07-07 18:08:23
Security update for php53 (important)
2016-08-09 17:37:56
Security update for php5 (important)
2016-08-16 13:10:01
mageia
mageia
Updated php packages fix security vulnerability
2016-07-05 18:47:08
Updated libgd packages fix security vulnerability
2016-07-05 18:47:08
Updated libgd packages fix CVE-2015-8874
2016-05-22 01:11:24
debian
debian
[SECURITY] [DSA 3618-1] php5 security update
2016-07-14 19:50:00
[SECURITY] [DLA 628-1] php5 security update
2016-09-18 15:12:08
[SECURITY] [DLA 482-1] libgd2 security update
2016-05-19 17:58:42
oraclelinux
oraclelinux
php security and bug fix update
2016-11-09 00:00:00
php security update
2016-08-11 00:00:00
php security and bug fix update
2016-08-11 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in PHP affect PowerKVM
2018-06-18 01:34:16
Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)
2018-06-18 01:33:23
redhat
redhat
(RHSA-2016:2598) Moderate: php security and bug fix update
2016-11-03 06:07:16
(RHSA-2016:1611) Moderate: php55-php security update
2016-08-11 19:52:52
(RHSA-2016:1612) Moderate: rh-php56-php security update
2016-08-11 19:53:18
centos
centos
php security update
2016-11-25 15:41:35
php security update
2016-08-12 11:27:56
php security update
2016-08-11 21:20:11
threatpost
threatpost
Pornhub Hack Earns Researchers $22,000
2016-07-25 13:01:30
thn
thn
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website
2016-07-24 20:25:00
osv
osv
php5 - security update
2016-09-18 00:00:00
CVE-2015-8874
2016-05-16 10:59:00
libgd2 - security update
2016-05-19 00:00:00
alpinelinux
alpinelinux
CVE-2015-8874
2016-05-16 10:59:00
CVE-2016-5767
2016-08-07 10:59:00
f5
f5
K42454663 : PHP vulnerability CVE-2015-8874
2016-06-23 00:00:00
SOL42454663 - PHP vulnerability CVE-2015-8874
2016-06-23 00:00:00
SOL21042398 - PHP vulnerability CVE-2016-5769
2016-10-23 00:00:00
prion
prion
Stack overflow
2016-05-16 10:59:00
Design/Logic Flaw
2016-08-07 10:59:00
Integer overflow
2016-08-07 10:59:00
ubuntucve
ubuntucve
debiancve
debiancve
hackerone
hackerone
Internet Bug Bounty: CVE-2015-8874 Stack overflow with imagefilltoborder
2016-06-24 03:40:50
redhatcve
redhatcve
friendsofphp
friendsofphp
HTTP Proxy header vulnerability
2018-02-12 19:47:17
HTTP Proxy header vulnerability
2016-07-18 20:27:36
github
github
HTTP Proxy header vulnerability
2022-04-07 13:59:22
cve
cve
myhack58
myhack58
typo3
typo3
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
2018-08-09 00:00:00
Environment Variable Injection
2016-07-19 00:00:00
checkpoint_advisories
checkpoint_advisories
GD Library LibGD Integer Overflow (CVE-2016-5766)
2016-11-01 00:00:00
archlinux
archlinux
drupal: proxy injection
2016-07-21 00:00:00
veracode
veracode
Open Redirection
2019-01-15 09:12:46
gitlab
gitlab
HTTP Proxy header vulnerability
2016-07-18 00:00:00
Related for ALA_ALAS-2016-728.NASL