Description
** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)
WordPress Plugin Twitter Button by BestWebSoft Cross-Site Scripting (2.54)
Oracle Database Server CVE-2014-6542 Vulnerability (CVE-2014-6542)
WordPress Plugin All-in-One Addons for Elementor-WidgetKit Cross-Site Scripting (2.4.3)
WordPress Plugin Google Maps CP Cross-Site Scripting (1.0.3)