|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-07] phpWebSite: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary phpWebSite: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-07
(phpWebSite: Multiple vulnerabilities)
phpWebSite fails to sanitize input sent to the XML-RPC server
using the "POST" method. Other unspecified vulnerabilities have been
discovered by Diabolic Crab of Hackers Center.
Impact
A remote attacker could exploit the XML-RPC vulnerability to
execute arbitrary PHP script code by sending specially crafted XML data
to phpWebSite. The undisclosed vulnerabilities do have an unknown
impact.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921
http://phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=989
Solution:
All phpWebSite users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/phpwebsite-0.10.1-r1"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|