HistoryJan 09, 2019 - 12:00 a.m.

PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)

2019-01-0900:00:00

www.tenable.com

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities :

A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)
A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the ‘ext/date/php_date.c’ script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273)
An XML External Entity (XXE) flaw exists in the PHP-FPM component due to improper parsing of XML data. A remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service. (CVE-2015-8866)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8866

php.net/ChangeLog-5.php#5.6.6

www.nessus.org/u?c7a6ddbd

bugs.php.net/bug.php?id=68925

bugs.php.net/bug.php?id=68942

nessus 49

openvas 25

amazon 3

fedora 2

freebsd 2

packetstorm 4

attackerkb 2

f5 5

exploitpack 3

ubuntucve 3

zdt 3

checkpoint_advisories 2

prion 3

cve 3

ibm 33

metasploit 2

cert 1

altlinux 2

debian 1

lenovo 2

threatpost 2

thn 3

redhat 4

slackware 1

ics 2

centos 2

checkpoint_security 1

osv 1

securityvulns 4

debiancve 1

suse 6

veracode 1

oraclelinux 3

fortinet 1

vulnerlab 2

cisco 1

huawei 1

arista 1

cisa 1

seebug 1

citrix 1

paloalto 1

cloudfoundry 1

ubuntu 2

exploitdb 3

mageia 1

archlinux 1

nessus

FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST)

2015-02-27 00:00:00

Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)

2015-03-25 00:00:00

Fedora 21 : php-5.6.6-1.fc21 (2015-2315)

2015-02-24 00:00:00

openvas

Fedora Update for php FEDORA-2015-2315

2015-02-25 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-493)

2015-09-08 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-494)

2015-09-08 00:00:00

amazon

Critical: php55

2015-03-23 08:29:00

Critical: php54

2015-03-13 10:00:00

Critical: glibc

2015-01-27 11:41:00

fedora

[SECURITY] Fedora 21 Update: php-5.6.6-1.fc21

2015-02-23 23:28:40

[SECURITY] Fedora 20 Update: php-5.5.22-1.fc20

2015-03-04 10:24:35

freebsd

php5 -- multiple vulnerabilities

2015-02-18 00:00:00

glibc -- gethostbyname buffer overflow

2015-01-27 00:00:00

packetstorm

PHP DateTime Use-After-Free

2015-02-20 00:00:00

Exim ESMTP GHOST Denial Of Service

2015-01-29 00:00:00

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-24 00:00:00

attackerkb

CVE-2015-0273

2015-03-30 00:00:00

Heap overflow in glibc 2.2 name resolution (CVE-2015-0235)

2015-01-28 00:00:00

SOL16336 - PHP vulnerability CVE-2015-0273

2015-04-02 00:00:00

K16336 : PHP vulnerability CVE-2015-0273

2015-04-02 00:00:00

K16057 : GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

2015-10-09 00:00:00

exploitpack

PHP DateTime - Use-After-Free

2015-02-23 00:00:00

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

2015-01-29 00:00:00

Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)

2015-03-18 00:00:00

ubuntucve

CVE-2015-0273

2015-02-23 00:00:00

CVE-2015-0235

2015-01-27 00:00:00

CVE-2015-8866

2016-05-22 00:00:00

zdt

PHP DateTime Use After Free Vulnerability

2015-02-23 00:00:00

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

2015-03-19 00:00:00

Exim ESMTP GHOST Denial Of Service Exploit

2015-01-29 00:00:00

checkpoint_advisories

PHP Date Time Object Unserialize Memory Corruption (CVE-2015-0273)

2015-03-08 00:00:00

GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)

2015-01-28 00:00:00

prion

Design/Logic Flaw

2015-03-30 10:59:00

Heap overflow

2015-01-28 19:59:00

Xxe

2016-05-22 01:59:00

cve

CVE-2015-0273

2015-03-30 10:59:00

CVE-2015-0235

2015-01-28 19:59:00

CVE-2015-8866

2016-05-22 01:59:00

ibm

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)

2018-06-16 21:22:19

Security Bulletin: GNU C library (glibc) vulnerability affects IBM API Management (CVE-2015-0235)

2018-06-15 07:02:31

Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System Gen2 (CVE-2015-0235)

2018-06-18 00:09:09

metasploit

WordPress XMLRPC GHOST Vulnerability Scanner

2015-01-30 14:29:51

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-18 23:51:16

cert

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

2015-01-28 00:00:00

altlinux

Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.2

2015-01-28 00:00:00

Security fix for the ALT Linux 5 package glibc version 6:2.11.2-alt1.M51.2

2015-01-28 00:00:00

debian

[SECURITY] [DLA 139-1] eglibc security update

2015-01-28 10:25:42

lenovo

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")

2016-07-22 00:00:00

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (

2016-07-22 00:00:00

threatpost

Ghost glibc Vulnerability Patching and Exploits

2015-01-28 13:28:29

GHOST glibc Linux Remote Code Execution Vulnerability

2015-01-27 12:55:29

thn

GHOST glibc Vulnerability Affects WordPress and PHP applications

2015-01-29 23:53:00

Critical GHOST vulnerability affects most Linux Systems

2015-01-27 21:17:00

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

2016-02-16 21:27:00

redhat

(RHSA-2015:0092) Critical: glibc security update

2015-01-27 00:00:00

(RHSA-2015:0090) Critical: glibc security update

2015-01-27 00:00:00

(RHSA-2015:0099) Critical: glibc security update

2015-01-28 00:00:00

slackware

[slackware-security] glibc

2015-01-28 20:35:21

ics

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability

2018-09-10 12:00:00

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability (Update A)

2018-08-27 12:00:00

centos

glibc, nscd security update

2015-01-27 23:31:01

glibc, nscd security update

2015-01-27 22:59:55

checkpoint_security

Check Point Response to CVE-2015-0235 (glibc - GHOST)

2015-01-26 22:00:00

osv

eglibc - security update

2015-01-28 00:00:00

securityvulns

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

2015-02-02 00:00:00

GNU glibc gethostbyname functions buffer overflow

2015-02-02 00:00:00

ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities

2015-03-16 00:00:00

debiancve

CVE-2015-0235

2015-01-28 19:59:00

suse

glibc (critical)

2015-01-28 19:04:53

Security update for glibc (critical)

2015-02-02 09:04:48

Security update for glibc (critical)

2015-01-28 03:04:56

veracode

Arbitrary Code Execution

2019-01-15 09:04:16

oraclelinux

glibc security update

2015-01-27 00:00:00

glibc security update

2015-01-29 00:00:00

glibc security update

2015-08-17 00:00:00

fortinet

CVE-2015-0235 "GHOST" vulnerability

2015-01-28 00:00:00

vulnerlab

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

cisco

GNU glibc gethostbyname Function Buffer Overflow Vulnerability

2015-01-28 22:30:00

huawei

Security Advisory - Glibc Buffer Overflow Vulnerability

2015-02-26 00:00:00

arista

Security Advisory 0009

2015-01-28 00:00:00

cisa

Linux "Ghost" Remote Code Execution Vulnerability

2015-01-27 00:00:00

seebug

Linux glibc 缓冲区溢出 (幽灵(Ghost))

2015-07-02 00:00:00

citrix

CVE-2015-0235 - Citrix Security Advisory for glibc GHOST Vulnerability

2015-01-28 04:00:00

paloalto

GHOST: glibc vulnerability

2015-02-02 08:00:00

cloudfoundry

CVE-2015-0235 - GHOST | Cloud Foundry

2015-01-28 00:00:00

ubuntu

GNU C Library vulnerability

2015-01-27 00:00:00

PHP vulnerabilities

2015-03-18 00:00:00

exploitdb

PHP DateTime - Use-After-Free

2015-02-23 00:00:00

Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)

2015-03-18 00:00:00

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

2015-01-29 00:00:00

mageia

Updated php packages fix security vulnerabilities

2015-03-04 00:16:02

archlinux

jasper: arbitrary code execution

2015-01-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for WEB_APPLICATION_SCANNING_98829