Информационная безопасность
[RU] switch to English


Уязвимости безопасности в PHP
Опубликовано:5 мая 2015 г.
Источник:
SecurityVulns ID:14443
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждения памяти при разборе архивов, выполнение кода в apache2handler.
Затронутые продукты:PHP : PHP 5.5
CVE:CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter.")
 CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.)
 CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2015:209 ] php (05.05.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород