14 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-11143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to cra...
SUSE CVE-2017-11143
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...
Ubuntu: Security Advisory (USN-3382-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2317-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2221)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)
This update for php5 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...
Debian DSA-4081-1 : php5 - security update
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : - CVE-2017-11142 Denial of service via overly long form variables - CVE-2017-11143 Invalid free in wddxdeserialize - CVE-2017-11144 Denial of service in openssl extension due to incorrect...
[SECURITY] [DSA 4081-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4081-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq -...
openSUSE Security Update : php5 (openSUSE-2017-1010)
This update for php5 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...
Ubuntu: Security Advisory (USN-3382-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1034-1 : php5 security update
Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-10397 Incorrect handling of various URI components in th...
[SECURITY] [DLA 1034-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u9 CVE ID : CVE-2016-10397 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11147 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especiall...
PHP < 5.6.31 DoS Vulnerability - Windows
PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
CVE-2017-11143
CVE-2017-11143 affects PHP’s WDDX deserialization of boolean parameters. The issue is caused by an invalid free in WDDX deserialization, which attackers can trigger by injecting XML for deserialization, potentially crash the PHP interpreter (DoS). The vulnerability is described for PHP versions b...