According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.5. It is, therefore, affected by the following vulnerabilities :
A memory allocation issue exists in the zend_string_extend() function in file Zend/zend_string.h when concatenating strings due to a failure to prevent changes to string objects that result in a negative length. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or possibly other unspecified impact. (CVE-2017-8923)
A memory allocation issue exists in the i_zval_ptr_dtor() function in Zend/zend_variables.h when allocating large amounts of memory. An unauthenticated, remote attacker can exploit this, via crafted operations on array data structures, to cause a denial of service condition. (CVE-2017-9119)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data