| VID |
22291 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of PHP which is older than 4.3.9 or 5.0.2.
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP 4.x.x up to 4.3.8, and 5.x up to 5.0.1 are vulnerable to an arbitrary location file upload vulnerability, due to two bugs of the PHP application to properly sanitize user-supplied file name input. These two bugs in PHP may allow the disclosure of portions of memory and allow remote attackers to upload files to arbitrary locations. A remote attacker could exploit the first vulnerability to view memory contents. On a server with a script that provides file uploads, an attacker could exploit the second vulnerability to upload files to an arbitrary location. On systems where the HTTP server is allowed to write in a HTTP-accessible location, this could lead to remote execution of arbitrary commands with the rights of the HTTP server.
* References:
http://www.securityfocus.com/archive/1/376865
http://www.securityfocus.com/archive/1/375370
http://viewcvs.php.net/viewcvs.cgi/php-src/NEWS.diff?r1=1.1247.2.724&r2=1.1247.2.726
* Platforms Affected:
PHP 4.3.9 prior
PHP 5.0.2 prior
Any operating systems Any version |
| Recommendation |
Upgrade to the latest version of PHP (4.3.9 or 5.0.2 or later), available from the PHP Download site at http://www.php.net/downloads.php
For Gentoo Linux:
Upgrade to the latest version of PHP (4.3.9 or later), as listed in Gentoo Linux Security Advisory GLSA 200410-04 at http://www.gentoo.org/security/en/glsa/glsa-200410-04.xml
For other distributions:
Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2004-0959
CVE-2004-0959 (CVE) |
| Related URL |
11190 (SecurityFocus) |
| Related URL |
17392 (ISS) |
|
