Executive Summary
Summary | |
---|---|
Title | php5 security update |
Informations | |||
---|---|---|---|
Name | DSA-4081 | First vendor Publication | 2018-01-08 |
Vendor | Debian | Last vendor Modification | 2018-01-08 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free() in wddx_deserialize() CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function. CVE-2017-11145 Out-of-bounds read in wddx_deserialize() CVE-2017-11628 Buffer overflow in PHP INI parsing API CVE-2017-12933 Buffer overread in finish_nested_data() CVE-2017-16642 Out-of-bounds read in timelib_meridian() For the oldstable distribution (jessie), these problems have been fixed in version 5.6.33+dfsg-0+deb8u1. We recommend that you upgrade your php5 packages. For the detailed security status of php5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php5 |
Original Source
Url : http://www.debian.org/security/2018/dsa-4081 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-125 | Out-of-bounds Read |
12 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
12 % | CWE-502 | Deserialization of Untrusted Data |
12 % | CWE-416 | Use After Free |
12 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
12 % | CWE-200 | Information Exposure |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL75543432.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4081.nasl - Type : ACT_GATHER_INFO |
2018-01-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4080.nasl - Type : ACT_GATHER_INFO |
2017-12-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1371.nasl - Type : ACT_GATHER_INFO |
2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1353.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_1_11.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_0_25.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_5_6_32.nasl - Type : ACT_GATHER_INFO |
2017-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201709-21.nasl - Type : ACT_GATHER_INFO |
2017-09-22 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1079.nasl - Type : ACT_GATHER_INFO |
2017-09-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2522-1.nasl - Type : ACT_GATHER_INFO |
2017-09-18 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1061.nasl - Type : ACT_GATHER_INFO |
2017-09-12 | Name : The Tenable SecurityCenter application on the remote host contains a PHP libr... File : securitycenter_php_5_6_31.nasl - Type : ACT_GATHER_INFO |
2017-09-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1010.nasl - Type : ACT_GATHER_INFO |
2017-09-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-994.nasl - Type : ACT_GATHER_INFO |
2017-08-31 | Name : The remote Debian host is missing a security update. File : debian_DLA-1076.nasl - Type : ACT_GATHER_INFO |
2017-08-28 | Name : The remote Debian host is missing a security update. File : debian_DLA-1066.nasl - Type : ACT_GATHER_INFO |
2017-08-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3382-1.nasl - Type : ACT_GATHER_INFO |
2017-07-24 | Name : The remote Debian host is missing a security update. File : debian_DLA-1034.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_5_6_31.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_1_7.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The version of PHP running on the remote web server is affected by multiple v... File : php_7_0_21.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-01-09 00:20:35 |
|