Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2006:028: php Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the php package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2006:028 (php).

Multiple response splitting vulnerabilities in PHP allow remote attackers to
inject arbitrary HTTP headers via unknown attack vectors, possibly involving a
crafted Set-Cookie header, related to the (1) session extension (aka ext/
session) and the (2) header function. (CVE-2006-0207) Multiple cross-site
scripting (XSS) vulnerabilities in PHP allow remote attackers to inject
arbitrary web script or HTML via unknown attack vectors in 'certain error
conditions.' (CVE-2006-0208). This issue does not affect Corporate Server 2.1.
Updated packages are patched to address these issues. Users must execute
'service httpd restart' for the new PHP modules to be loaded by Apache.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.