SUSE CVE-2015-3330

The phphandler function in sapi/apache2handler/sapiapache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via pipelined HTTP...

Fedora 30 : php (2019-1d78e14cfd)

PHP version 7.3.4 04 April 2019 Core: - Fixed bug php77738 Nullptr deref in zendcompileexpr. Laruence - Fixed bug php77660 Segmentation fault on break 2147483648. Laruence - Fixed bug php77652 Anonymous classes can lose their interface information. Nikita - Fixed bug php77345 Stack Overflow cause...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.8. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zendsharedmemdup function within file ext/opcache/zendsharedalloc.c that allows an...

PHP 'Transfer-Encoding: chunked' XSS Vulnerability - Active Check

PHP is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

Fedora 26 : php (2018-e8bc8d2784)

PHP version 7.1.15 01 Mar 2018 Apache2Handler: - Fixed bug php75882 a simple way for segfaults in threadsafe php just with configuration. Anatol Date: - Fixed bug php75857 Timezone gets truncated when formatted. carusogabriel - Fixed bug php75928 Argument 2 for DateTimeZone::listIdentifiers shoul...

Fedora 27 : php (2018-a89ccf7133)

PHP version 7.1.15 01 Mar 2018 Apache2Handler: - Fixed bug php75882 a simple way for segfaults in threadsafe php just with configuration. Anatol Date: - Fixed bug php75857 Timezone gets truncated when formatted. carusogabriel - Fixed bug php75928 Argument 2 for DateTimeZone::listIdentifiers shoul...

Fedora 27 : php (2017-46e8bdccef)

PHP version 7.1.11 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...

Fedora 25 : php (2017-cdaaf6ea12)

PHP version 7.0.25 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

CVE-2015-8994

CVE-2015-8994 concerns PHP 5.x and 7.x when using apache2handler/mod_php or php-fpm with OpCache enabled. In affected SAPIs, Zend OpCache creates a shared memory object owned by the common parent during initialization, and child processes inherit its descriptor. This can allow opcode cache data t...

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

Fedora 22 : php-5.6.18-1.fc22 (2016-1bc6ca8445)

04 Feb 2016, PHP 5.6.18 Core: Fixed bug php71039 exec functions ignore length but look for NULL termination. Anatol Fixed bug php71089 No check to duplicate zendextension. Remi Fixed bug php71201 round segfault on 64-bit builds. Anatol Added support for new HTTP 451 code. Julien Fixed bug php7127...

Fedora 23 : php-5.6.18-1.fc23 (2016-46a34efa06)

04 Feb 2016, PHP 5.6.18 Core: Fixed bug php71039 exec functions ignore length but look for NULL termination. Anatol Fixed bug php71089 No check to duplicate zendextension. Remi Fixed bug php71201 round segfault on 64-bit builds. Anatol Added support for new HTTP 451 code. Julien Fixed bug php7127...

CVE-2005-3319

The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...

Oracle Linux 7 : php (ELSA-2015-1135)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1135 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character...

PHP security vulnerabilities

apache2handler code execution, memory corruption on archives parsing...

Fedora 20 : php-5.5.24-1.fc20 (2015-6399)

16 Apr 2015, PHP 5.5.24 Apache2handler : - Fixed bug 69218 potential remote code execution with apache 2.4 apache2handler. Gerrit Venema Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 67626 User exceptions not properly handled in streams...

PHP 5.5.x < 5.5.24 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zendsharedmemdup function within file ext/opcache/zendsharedalloc.c that allows an...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.8. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zendsharedmemdup function within file ext/opcache/zendsharedalloc.c that allows an...

CVE-2005-3319

The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...