Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:028: php Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the php package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:028 (php).
Multiple response splitting vulnerabilities in PHP allow remote attackers to
inject arbitrary HTTP headers via unknown attack vectors, possibly involving a
crafted Set-Cookie header, related to the (1) session extension (aka
ext/session) and the (2) header function. (CVE-2006-0207)
Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote
attackers to inject arbitrary web script or HTML via unknown attack vectors in
'certain error conditions.' (CVE-2006-0208)
This issue does not affect Corporate Server 2.1.
Updated packages are patched to address these issues. Users must execute
'service httpd restart' for the new PHP modules to be loaded by Apache.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:028
Threat Level: High