| VID |
22347 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of PHP older than 4.3.11 (4.x branch) or 5.0.4 (5.0.x branch). PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded into HTML. PHP 4.x versions prior to 4.3.11 and PHP 5.0.x versions prior to 5.0.4 contain multiple flaws in the EXIF module's processing of certain EXIF IFD (Image File Directory) data, which can lead to code execution and denial of service. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive.
* References: http://www.php.net/ChangeLog-5.php#5.0.4, http://www.php.net/ChangeLog-4.php#4.3.11, http://securityfocus.com/archive/1/396618
* Platforms Affected: PHP Group, PHP versions 4.x prior to 4.3.11; PHP Group, PHP versions 5.0.x prior to 5.0.4; Any operating system, Any version |
| Recommendation |
Upgrade to the latest version of PHP (4.3.11 or 5.0.4 or later), available from the PHP Web site at http://www.php.net/ |
| Related URL |
CVE-2005-0524,CVE-2005-0525,CVE-2005-1042,CVE-2005-1043 (CVE) |
| Related URL |
13143,13163,13164 (SecurityFocus) |
| Related URL |
20117 (ISS) |
|