|
Family: Debian Local Security Checks --> Category: infos
[DSA351] DSA-351-1 php4 Vulnerability Scan
Vulnerability Scan Summary DSA-351-1 php4
Detailed Explanation for this Vulnerability Test
The transparent session ID feature in the php4 package does not
properly escape user-supplied input before inserting it into the
generated HTML page. A possible hacker could use this vulnerability to
execute embedded scripts within the context of the generated page.
For the stable distribution (woody) this problem has been fixed in
version 4:4.1.2-6woody3.
For the unstable distribution (sid) this problem will be fixed soon.
Refer to Debian bug #200736.
We recommend that you update your php4 package.
Solution : http://www.debian.org/security/2003/dsa-351
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|