Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98819
HistoryJan 09, 2019 - 12:00 a.m.

PHP 5.6.x < 5.6.29 Multiple Vulnerabilities

2019-01-0900:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities :

  • A memory corruption issue exists in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9935)

  • A flaw exists in the in the openssl_pbkdf2() function in ext/openssl/openssl.c that is triggered when handling overly large key length parameters. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersion
aphpphp
Related for WEB_APPLICATION_SCANNING_98819