Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98853
HistoryJan 09, 2019 - 12:00 a.m.

PHP 7.0.x < 7.0.7 Multiple Vulnerabilities

2019-01-0900:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.026

Percentile

90.3%

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.7. It is, therefore, affected by multiple vulnerabilities :

  • An out-of-bounds read error exists in the _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456)

  • An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.026

Percentile

90.3%