PHP 5.6.40 is insecure and should be treated as high risk. It is the final release of the 5.6 branch, whose security support ended on 31 December 2018, so the vulnerability classes below have not been and will not be fixed in it. Prioritize upgrading to a supported PHP version, and apply mitigations immediately where the upgrade cannot be completed right away.
| CVE | Description | Impact |
|------|-------------|--------|
| | FastCGI (PHP-FPM): a specially crafted request causes a 502 response and memory corruption | Remote code execution under certain FPM configurations |
| CVE-2019-9641 | exif_read_data(): uninitialized read while parsing EXIF data (exif_process_IFD_in_TIFF) | Information disclosure / DoS |
| CVE-2019-9021 | PHAR: heap-based buffer over-read past the end of a PHAR file in phar_detect_phar_fname_ext() | Information disclosure / DoS |
| CVE-2019-9020 | xmlrpc_decode(): invalid memory access (heap out-of-bounds read or read-after-free) on malformed input | DoS, possible memory disclosure |

Two items often listed against this version do not apply to it: the imap_open() command injection via the mailbox name was fixed in 5.6.39, and CVE-2016-1903 is an out-of-bounds read in GD's imagerotate() fixed in 5.6.17. Check for those only on 5.6 builds older than 5.6.39.
You can use this for an internal security report, a system admin log, or a client advisory.
If you see 5.6.40-0+deb9u1 (Debian) or 5.6.400 (custom compile), treat as .
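The following audit script is an added example, not part of the advisory above. It classifies `php -v` banners by branch, so a distro suffix such as `-0+deb9u1` or an unusual patch level such as `.400` still resolves to the 5.6 branch, and it checks whether `disable_functions` in php.ini covers the functions named in the table as an interim mitigation. The hostnames, banners and ini fragment are constructed; the `newest_eol_branch` parameter and the set `RISKY_FUNCTIONS` are assumptions of this example, and the EOL cut-off should be taken from https://www.php.net/supported-versions.php when auditing a real fleet.

```python
import re

# Added example (not from the advisory): classify `php -v` banners and check
# whether php.ini still exposes the functions named in the advisory's table.

# Constructed sample banners in the shape `php -v` prints; hostnames are made up.
SAMPLE_BANNERS = {
    "web-01": "PHP 5.6.40-0+deb9u1 (cli) (built: Jan 10 2019 12:00:00)",
    "web-02": "PHP 5.6.400 (cli) (built: Jan 10 2019 12:00:00)",
    "web-03": "PHP 8.2.12 (cli) (built: Oct 26 2023 09:00:00)",
}

# Constructed php.ini fragment: exif_read_data is disabled, xmlrpc_decode is not.
SAMPLE_INI = """
; interim hardening on a host that cannot be upgraded yet
expose_php = Off
disable_functions = exec,passthru,exif_read_data
"""

# Functions from the advisory's table that parse attacker-influenced input
# (assumption: this set is maintained by the auditor, not by PHP).
RISKY_FUNCTIONS = {"exif_read_data", "xmlrpc_decode"}

VERSION_RE = re.compile(r"\bPHP\s+(\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner):
    """Return (major, minor, patch) from a `php -v` banner, or None.

    Only the leading numeric triple is used, so a distro suffix such as
    -0+deb9u1 and a custom patch level such as .400 both map to the 5.6
    branch instead of defeating the check.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def branch_is_eol(version, newest_eol_branch=(5, 6)):
    """True if the version's major.minor branch is at or below newest_eol_branch.

    The default covers only the branch this advisory is about; raise it to the
    current cut-off from https://www.php.net/supported-versions.php when
    auditing a fleet (assumption: the caller maintains that value).
    """
    return (version[0], version[1]) <= newest_eol_branch


def parse_disable_functions(ini_text):
    """Return the set of function names listed in disable_functions."""
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "disable_functions":
            return {f.strip() for f in value.split(",") if f.strip()}
    return set()


def audit_host(banner, ini_text, newest_eol_branch=(5, 6)):
    """Combine the version and ini checks into one verdict for a host."""
    version = parse_php_version(banner)
    if version is None:
        return {"version": None, "eol": None, "still_enabled": set(),
                "verdict": "unparsed banner"}
    eol = branch_is_eol(version, newest_eol_branch)
    still_enabled = RISKY_FUNCTIONS - parse_disable_functions(ini_text)
    if not eol:
        verdict = "supported branch"
    elif still_enabled:
        verdict = "EOL branch, upgrade required; interim mitigation incomplete"
    else:
        verdict = "EOL branch, upgrade required; interim mitigation in place"
    return {"version": version, "eol": eol,
            "still_enabled": still_enabled, "verdict": verdict}


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        result = audit_host(banner, SAMPLE_INI)
        extra = ""
        if result["still_enabled"]:
            extra = f" (still enabled: {sorted(result['still_enabled'])})"
        print(f"{host}: {result['version']} -> {result['verdict']}{extra}")
```

Note that `disable_functions` only blocks calls from PHP userland; it does not unload the extension, and it does nothing for the PHAR over-read or the FPM request-handling bug in the table, which need the extension or wrapper removed and the upgrade completed respectively.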