Detections
Analytics

PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

high Nessus Plugin ID 76282

Language:

Synopsis

The remote web server is running a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities :

 - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

 - A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'.
 (CVE-2014-3478)

 - A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)

 - An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)

 - A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)

 - A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721)

 - An error exists related to unserialization and 'SplFileObject' handling that could allow denial of service attacks. (Bug #67072)

 - A double free error exists related to the Intl extension and the method 'Locale::parseLocale' having unspecified impact. (Bug #67349)

 - A buffer overflow error exists related to the Intl extension and the functions 'locale_get_display_name' and 'uloc_getDisplayName' having unspecified impact.
 (Bug #67397)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 5.5.14 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.5.14

https://bugs.php.net/bug.php?id=67072

https://bugs.php.net/bug.php?id=67326

https://bugs.php.net/bug.php?id=67349

https://bugs.php.net/bug.php?id=67390

https://bugs.php.net/bug.php?id=67397

https://bugs.php.net/bug.php?id=67410

https://bugs.php.net/bug.php?id=67411

https://bugs.php.net/bug.php?id=67412

https://bugs.php.net/bug.php?id=67413

https://bugs.php.net/bug.php?id=67432

https://bugs.php.net/bug.php?id=67492

https://bugs.php.net/bug.php?id=67498

https://seclists.org/oss-sec/2014/q3/29

https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html

Plugin Details

Severity: High

ID: 76282

File Name: php_5_5_14.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 6/27/2014

Updated: 5/31/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3515

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 6/26/2014

Vulnerability Publication Date: 6/26/2014

Reference Information

CVE: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4721

BID: 67837, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68550