Apple Mac OS X à 10.11.0 apache_mod_php dénie de service

Une vulnérabilité a été trouvé dans Apple Mac OS X à 10.11.0 (Operating System) et classée critique. Ceci affecte une fonction inconnue du composant apache_mod_php. Mettre à jour à la version 10.11.1 élimine cette vulnérabilité. Une solution envisageable a été publiée immédiatement après la publication de la vulnérabilité.

Domaine15/02/2018 11:1124/06/2022 10:0024/06/2022 10:01
typeOperating SystemOperating SystemOperating System
vendorAppleAppleApple
nameMac OS XMac OS XMac OS X
version<=10.11.0<=10.11.0<=10.11.0
componentapache_mod_phpapache_mod_phpapache_mod_php
risk222
historic000
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore4.44.44.4
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiPPP
cvss3_meta_basescore6.46.46.4
cvss3_meta_tempscore6.16.36.3
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.15.15.1
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
advisoryquoteMultiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45.Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45.Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45.
date1445385600 (21/10/2015)1445385600 (21/10/2015)1445385600 (21/10/2015)
locationWebsiteWebsiteWebsite
typeAdvisoryAdvisoryAdvisory
urlhttps://support.apple.com/en-us/HT205375https://support.apple.com/en-us/HT205375https://support.apple.com/en-us/HT205375
identifierHT205375HT205375HT205375
disputed000
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
date1445385600 (21/10/2015)1445385600 (21/10/2015)1445385600 (21/10/2015)
upgrade_version10.11.110.11.110.11.1
cveCVE-2015-6837CVE-2015-6837CVE-2015-6837
cve_nvd_published146335680014633568001463356800
oval_idoval:org.cisecurity:def:67oval:org.cisecurity:def:67oval:org.cisecurity:def:67
vulnerabilitycenter537685376853768
vulnerabilitycenter_titleApple MacOS X Remote Code Execution due to PHP Issue - CVE-2015-6837Apple MacOS X Remote Code Execution due to PHP Issue - CVE-2015-6837Apple MacOS X Remote Code Execution due to PHP Issue - CVE-2015-6837
vulnerabilitycenter_severityHighHighHigh
vulnerabilitycenter_creationdate144547200014454720001445472000
vulnerabilitycenter_lastupdate148763520014876352001487635200
vulnerabilitycenter_reportingdate144538560014453856001445385600
nessus_id899678996789967
nessus_nameAmazon Linux AMI : php54 (ALAS-2016-670)Amazon Linux AMI : php54 (ALAS-2016-670)Amazon Linux AMI : php54 (ALAS-2016-670)
nessus_filenameala_ALAS-2016-670.naslala_ALAS-2016-670.naslala_ALAS-2016-670.nasl
nessus_familyAmazon Linux Local Security ChecksAmazon Linux Local Security ChecksAmazon Linux Local Security Checks
openvas_id703358703358703358
openvas_filenamedeb_3358.nasldeb_3358.nasldeb_3358.nasl
openvas_titleDebian Security Advisory DSA 3358-1 (php5 - security update)Debian Security Advisory DSA 3358-1 (php5 - security update)Debian Security Advisory DSA 3358-1 (php5 - security update)
openvas_familyDebian Local Security ChecksDebian Local Security ChecksDebian Local Security Checks
qualys_id116281162811628
qualys_titlePHP Versions Prior to 5.6.13/5.5.29/5.4.45 Multiple VulnerabilitiesPHP Versions Prior to 5.6.13/5.5.29/5.4.45 Multiple VulnerabilitiesPHP Versions Prior to 5.6.13/5.5.29/5.4.45 Multiple Vulnerabilities
seealso67396 67398 67420 67724 74064 74065 74127 74528 74575 75008 75634 75635 75636 75637 75638 75702 75703 76123 76128 77708 77709 77714 77715 77716 77717 78773 78781 78782 78783 7878467396 67398 67420 67724 74064 74065 74127 74528 74575 75008 75634 75635 75636 75637 75638 75702 75703 76123 76128 77708 77709 77714 77715 77716 77717 78773 78781 78782 78783 7878467396 67398 67420 67724 74064 74065 74127 74528 74575 75008 75634 75635 75636 75637 75638 75702 75703 76123 76128 77708 77709 77714 77715 77716 77717 78773 78781 78782 78783 78784
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_basescore7.57.57.5
cwe476 (dénie de service)476 (dénie de service)476 (dénie de service)
confirm_urlhttp://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-5.php
cve_assigned1441670400 (08/09/2015)1441670400 (08/09/2015)1441670400 (08/09/2015)
securityfocus767387673876738
sectracker10335481033548
cve_nvd_summaryThe xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
cvss2_nvd_basescore5.05.0
nessus_riskCritical

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!