
PHP < 5.2 Multiple Vulnerabilities

Article ID: 31649
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.


This script is Copyright (C) 2008 Tenable Network Security, Inc.

Family: CGI abuses
Plugin ID: 31649
Bugtraq ID: 20879
CVE ID: CVE-2006-5465

Description:

Synopsis :

The remote web server uses a version of PHP that is affected by
multiple buffer overflows.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several
buffer overflows.
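
The banner check described above can be reproduced for triage as follows. This is an added example, not Tenable's plugin code; the function names and the sample headers are constructed for illustration.

```python
import re

FIXED = (5, 2, 0)  # first fixed release, per the Solution section of this article

# Matches the PHP token in a Server or X-Powered-By value, e.g. "PHP/5.1.6-pl1".
# Vendor suffixes after the numeric part ("-pl1", "-ubuntu4") are ignored.
PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def php_version(headers):
    """Return (major, minor, patch) advertised in the headers, or None."""
    for name, value in headers.items():
        if name.lower() in ("server", "x-powered-by"):
            match = PHP_TOKEN.search(value)
            if match:
                # A missing patch component ("PHP/4.4") is treated as 0.
                return tuple(int(part or 0) for part in match.groups())
    return None


def assess(headers):
    """Classify a response as 'affected', 'not affected' or 'unknown'."""
    version = php_version(headers)
    if version is None:
        # No PHP banner: the host cannot be cleared on this evidence alone.
        return "unknown"
    # Tuple comparison is numeric, so 5.10.x is correctly newer than 5.2.0.
    return "affected" if version < FIXED else "not affected"


# Constructed sample responses (hypothetical hosts, not real scan data).
SAMPLES = {
    "web01": {"Server": "Apache/2.2.3 (Unix) PHP/5.1.6-pl1 mod_ssl/2.2.3"},
    "web02": {"Server": "Apache", "X-Powered-By": "PHP/5.2.0"},
    "web03": {"Server": "Apache"},
    "web04": {"X-Powered-By": "PHP/4.4"},
}

if __name__ == "__main__":
    for host, headers in SAMPLES.items():
        print(host, php_version(headers), assess(headers))
```

A banner match is only an indication: the banner can be suppressed (for example with `expose_php = Off`), and a distribution may backport fixes without changing the version string, so confirm the installed package on the host.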

To exploit these issues, an attacker would need the ability to upload
an arbitrary PHP script to the remote server, or the ability to
manipulate several variables processed by some PHP functions such as
htmlentities().

See also :

http://www.php.net/releases/5_2_0.php

Solution :

Upgrade to PHP version 5.2.0 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)