PHP

PHP is a popular general-purpose scripting language that is especially suited to web development.

Release cycle and vulnerability information

Product: PHP
Vendor: php

Release schedule

[Release timeline chart: PHP versions 8.2, 8.3, 8.4, 8.5; time axis 2022 to 2030]

Recent PHP vulnerabilities

Count: 3,883


Source: debian
CVE-2015-4022

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...

CVSS2: 7.5
EPSS: 21% (Medium)
Published: more than 10 years ago

Source: nvd
CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

CVSS2: 5
EPSS: 42% (Medium)
Published: more than 10 years ago

Source: debian
CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ...

CVSS2: 5
EPSS: 42% (Medium)
Published: more than 10 years ago

Source: nvd
CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

CVSS2: 6.8
EPSS: 39% (Medium)
Published: more than 10 years ago

Source: debian
CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...

CVSS2: 6.8
EPSS: 39% (Medium)
Published: more than 10 years ago

Source: nvd
CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

CVSS2: 7.5
EPSS: 28% (Medium)
Published: more than 10 years ago

Source: debian
CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function i ...

CVSS2: 7.5
EPSS: 28% (Medium)
Published: more than 10 years ago

Source: nvd
CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

CVSS2: 7.5
EPSS: 18% (Medium)
Published: more than 10 years ago

Source: debian
CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4. ...

CVSS2: 7.5
EPSS: 18% (Medium)
Published: more than 10 years ago

Source: nvd
CVE-2015-2783

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

CVSS2: 5.8
EPSS: 10% (Low)
Published: more than 10 years ago
