Sysload Monitor: Vulnerabilities in Apache and PHP
Article ID: 188649
Updated On:
Products
Issue/Introduction
Multiple Vulnerabilities were found on Sysload Monitor as it uses Apache Httpd server 2.4.10 and PHP 5.6.3.
Details of the potential vulnerabilities found:
Apache:
Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
Apache 2.4.x < 2.4.35 DoS
CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679
CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, CVE-2017-9788, CVE-2017-9789, CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312,CVE-2018-1333, CVE-2018-8011, CVE-2018-17189, CVE-2018-17199, CVE-2019-0190, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211,
CVE-2019-0215, CVE-2019-0217, CVE-2019-0220, CVE-2018-11763, CVE-2017-9798
-------------------------------------------------------------
PHP:
PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
PHP prior to 5.5.x < 5.5.31 / 5.6.x < 5.6.17 Multiple Vulnerabilities
PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
CVE-2015-7803, CVE-2015-7804, CVE-2016-1903, CVE-2016-5114, CVE-2016-7478, CVE-2016-9933,
CVE-2016-9934, CVE-2018-5711, CVE-2018-5712, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548,
CVE-2018-10549, CVE-2018-14851, CVE-2018-14883, CVE-2018-15132, CVE-2018-17082
Environment
Release : 6.0.0
Component : Sysload Monitor
Cause
Resolution
Fix version(s):
Component: Sysload Monitor
Sysload 6.0.0 HF2 - Released 10th April 2020
Please apply the instuctions indicated in the file readme.txt
Additional Information
Additionally, no more license is needed in Sysload Monitor since this version 6.0.0 HF2.
This patch contains the following modules:
- Sysload Monitor 6.00 build 93.4
- Apache 2.4.41
- PHP 7.4.1
Feedback
