|
|
Family: CGI abuses --> Category: infos
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks version of PHP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 4.4.3 / 5.1.4. Such versions may be affected by
several issues, including a buffer overflow, heap corruption, and a
flaw by which a variable may survive a call to 'unset()'.
See also :
http://www.securityfocus.com/archive/1/20060409192313.20536.qmail@securityfocus.com
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded
http://www.php.net/release_4_4_3.php
http://www.php.net/release_5_1_3.php
http://www.php.net/release_5_1_4.php
Solution :
Upgrade to PHP version 4.4.3 / 5.1.4 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
