OVAL

ALAS-2015-535 --- php55

ID: oval:org.secpod.oval:def:1200186
Date: (C)2015-12-29   (M)2024-02-19
Class: PATCH
Family: unix




An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

Platform:
Amazon Linux AMI
Product:
php55
Reference:
ALAS-2015-535
CVE-2015-4021
CVE-2015-4022
CVE-2015-4025
CVE-2015-4024
CVE-2015-4026
CPE:
cpe:/o:amazon:linux
cpe:/a:php:php55

© SecPod Technologies