MiracleLinux 4 : rh-php56-php-5.6.5-8.AXS4 (AXSA:2016-144:01)

🗓️ 19 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 host has rh-php56 PHP 5.6.5-8 affected by multiple CVEs per AXSA-2016-144:01.

Reporter	Title	Published	Views	Family All 406
0day.today	Joomla 1.5 - 3.4.5 - HTTP Header Unauthenticated Remote Code Execution Exploit	19 Dec 201500:00	–	zdt
0day.today	Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabiliti	22 Sep 201600:00	–	zdt
FreeBSD	php -- multiple vulnerabilities	3 Sep 201500:00	–	freebsd
FreeBSD	php5 -- multiple vulnerabilities	6 Aug 201500:00	–	freebsd
FreeBSD	php-phar -- multiple vulnerabilities	24 Jun 201500:00	–	freebsd
FreeBSD	php -- multiple vulnerabilities	1 Oct 201500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues	16 Jun 201819:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)	18 Jun 201801:31	–	ibm
Tenable Nessus	PHP 5.4.x < 5.4.45 / 5.5.x < 5.5.29 / 5.6.x < 5.6.13 Multiple Vulnerabilities	14 Sep 201500:00	–	nessus
Tenable Nessus	PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	7 Oct 201500:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/6530
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-144:01.
##

include('compat.inc');

if (description)
{
  script_id(291542);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2015-5589",
    "CVE-2015-5590",
    "CVE-2015-6831",
    "CVE-2015-6832",
    "CVE-2015-6833",
    "CVE-2015-6834",
    "CVE-2015-6835",
    "CVE-2015-6836",
    "CVE-2015-6837",
    "CVE-2015-6838",
    "CVE-2015-7803",
    "CVE-2015-7804"
  );

  script_name(english:"MiracleLinux 4 : rh-php56-php-5.6.5-8.AXS4 (AXSA:2016-144:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-144:01 advisory.

    PHP is an HTML-embedded scripting language. PHP attempts to make it
    easy for developers to write dynamically generated web pages. PHP also
    offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a
    database-enabled webpage with PHP is fairly simple. The most common
    use of PHP coding is probably as a replacement for CGI scripts.
    This package contains the module (often referred to as mod_php)
    which adds support for the PHP language to Apache HTTP 2.4 Server.
    Security issues fixed with this release:
    CVE-2015-5589
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2015-5590
    Stack-based buffer overflow in the phar_fix_filepath function in
    ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x
    before 5.6.11 allows remote attackers to cause a denial of service or
    possibly have unspecified other impact via a large length value, as
    demonstrated by mishandling of an e-mail attachment by the imap PHP
    extension.
    CVE-2015-6831
    Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44,
    5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to
    execute arbitrary code via vectors involving (1) ArrayObject, (2)
    SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled
    during unserialization.
    CVE-2015-6832
    Use-after-free vulnerability in the SPL unserialize implementation in
    ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and
    5.6.x before 5.6.12 allows remote attackers to execute arbitrary code
    via crafted serialized data that triggers misuse of an array field.
    CVE-2015-6833
    Directory traversal vulnerability in the PharData class in PHP before
    5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote
    attackers to write to arbitrary files via a .. (dot dot) in a ZIP
    archive entry that is mishandled during an extractTo call.
    CVE-2015-6834
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2015-6835
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2015-6836
    The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45,
    5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage
    headers, which allows remote attackers to execute arbitrary code via
    crafted serialized data that triggers a type confusion in the
    serialize_function_call function.
    CVE-2015-6837
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2015-6838
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2015-7803
    The phar_get_entry_data function in ext/phar/util.c in PHP before
    5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a
    denial of service (NULL pointer dereference and application crash) via
    a .phar file with a crafted TAR archive entry in which the Link
    indicator references a file that does not exist.
    CVE-2015-7804
    Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c
    in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
    to cause a denial of service (uninitialized pointer dereference and
    application crash) by including the / filename in a .zip PHAR archive.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6530");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5589");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-6835");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rh-php56-php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'rh-php56-php-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-bcmath-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-cli-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-common-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-dba-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-dbg-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-devel-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-embedded-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-enchant-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-fpm-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-gd-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-gmp-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-imap-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-intl-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-ldap-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-mbstring-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-mysqlnd-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-odbc-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-opcache-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-pdo-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-pgsql-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-process-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-pspell-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-recode-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-snmp-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-soap-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-tidy-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-xml-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'rh-php56-php-xmlrpc-5.6.5-8.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-php56-php / rh-php56-php-bcmath / rh-php56-php-cli / etc');
}

19 Jan 2026 00:00Current

9.3High risk

Vulners AI Score9.3

CVSS 39.8

CVSS 210

CVSS 3.17.3

EPSS0.35455