
Test ID: 1.3.6.1.4.1.25623.1.0.140013
Category: F5 Local Security Checks
Title: F5 BIG-IP - PHP vulnerability CVE-2015-8935
Summary: F5 BIG-IP is prone to a vulnerability in PHP.
Description:
Summary:
F5 BIG-IP is prone to a vulnerability in PHP.

Vulnerability Insight:
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38,
5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering
browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks
against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header
function.

Vulnerability Impact:
This vulnerability may allow remote attackers to conduct
cross-site scripting (XSS) attacks by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the
header function.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-8935
http://www.openwall.com/lists/oss-security/2016/06/20/3
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: SUSE-SU-2016:2013
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1761
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2016:1922
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Copyright: Copyright (C) 2016 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.