Detections
Analytics
PHP 7.2.x < 7.2.14 Multiple vulnerabilities.
critical Nessus Plugin ID 121353
Language:
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.Description
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.14. It is, therefore, affected by multiple vulnerabilities:- An integer underflow condition exists in _gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can have unspecified impact via vectors related to decrementing the u variable. (CVE-2016-10166)
- A denial of service (DoS) vulnerability exists in ext/imap/php_imap.c. An unauthenticated, remote attacker can exploit this issue, via an empty string in the message argument to the imap_mail function, to cause the application to stop responding. (CVE-2018-19935)
- A heap-based buffer overflow exists in gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5.
An unauthenticated, remote attacker can exploit this via the triggering of imagecolormatch calls with crafted image data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-6977)
- A heap-based buffer over-read exists in the xmlrpc_decode function due to improper validation of input data. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a heap out-of-bounds read or read-after-free condition, which could result in a complete system compromise. (CVE-2019-9020)
- A heap-based buffer over-read exists in the PHAR reading functions in the PHAR extension, due to improper implementation of memory operations. An unauthenticated, remote attacker can exploit this, via persuading a user to parse a specially crafted file name on the targeted system, to disclose sensitive information. (CVE-2019-9021)
- An information disclosure vulnerability exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit this, via a specially crafted DNS reply sent from a rogue DNS server to disclose potentially sensitive information. (CVE-2019-9022)
- Multiple heap-based buffer over-read instances exist in mbstring regular expression functions due to improper implementation of memory operations. An unauthenticated, remote attacker can exploit this by sending a specially crafted regular expression that contains multibyte sequences, to cause a condition that could allow the attacker to completely compromise the target system. (CVE-2019-9023)
- An out-of-bounds read error exists in the xmlrpc_decode function due to improper implementation of memory operations. An unauthenticated, remote attacker can exploit this, via a hostile XMLRPC server to cause PHP to read from memory outside of allocated areas. (CVE-2019-9024)
Solution
Upgrade to PHP version 7.2.14 or later.See Also
Plugin Details
Severity: Critical
ID: 121353
File Name: php_7_2_14.nasl
Version: 1.9
Type: remote
Family: CGI abuses
Published: 1/24/2019
Updated: 6/26/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-9023
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/10/2019
Vulnerability Publication Date: 1/10/2019
Reference Information
CVE: CVE-2016-10166, CVE-2018-19935, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024