Multiple vulnerabilities were found in Sysload Monitor because it uses Apache HTTP Server 2.4.10 and PHP 5.6.3.
Details of the potential vulnerabilities found:
Apache:
Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
Apache 2.4.x < 2.4.35 DoS
CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679
CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, CVE-2017-9788, CVE-2017-9789, CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-8011, CVE-2018-17189, CVE-2018-17199, CVE-2019-0190, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211,
CVE-2019-0215, CVE-2019-0217, CVE-2019-0220, CVE-2018-11763, CVE-2017-9798
-------------------------------------------------------------
PHP:
PHP 5.6.x < 5.6.36 Multiple Vulnerabilities
PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
PHP prior to 5.5.x < 5.5.31 / 5.6.x < 5.6.17 Multiple Vulnerabilities
PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
CVE-2015-7803, CVE-2015-7804, CVE-2016-1903, CVE-2016-5114, CVE-2016-7478, CVE-2016-9933,
CVE-2016-9934, CVE-2018-5711, CVE-2018-5712, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548,
CVE-2018-10549, CVE-2018-14851, CVE-2018-14883, CVE-2018-15132, CVE-2018-17082
Release: 6.0.0
Component: Sysload Monitor
Additionally, Sysload Monitor no longer requires a license as of version 6.0.0 HF2.
This patch contains the following modules:
- Sysload Monitor 6.00 build 93.4
- Apache 2.4.41
- PHP 7.4.1