The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1218 advisory.

    - fix patch for CVE-2015-4024
    - core: fix multipart/form-data request can use excessive       amount of CPU usage CVE-2015-4024
    - fix various functions accept paths with NUL character       CVE-2015-4026, #1213407
    - ftp: fix integer overflow leading to heap overflow when       reading FTP file listing CVE-2015-4022
    - phar: fix buffer over-read in metadata parsing CVE-2015-2783
    - phar: invalid pointer free() in phar_tar_process_metadata()       CVE-2015-3307
    - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
    - phar: fix memory corruption in phar_parse_tarfile caused by       empty entry file name CVE-2015-4021
    - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425
    - core: fix use-after-free in unserialize CVE-2015-2787
    - exif: fix free on unitialized pointer CVE-2015-0232
    - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709
    - date: fix use after free vulnerability in unserialize CVE-2015-0273
    - enchant: fix heap buffer overflow in enchant_broker_request_dict       CVE-2014-9705
    - phar: use after free in phar_object.c CVE-2015-2301

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 : php (ELSA-2015-1218)

critical Nessus Plugin ID 84659

Version 1.17