| VID |
22443 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server is running a version of PHP which is older than 4.4.7 / 5.2.2. PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP versions prior to 4.4.7 and versions 5.x prior to 5.2.2 are reported prone to multiple buffer overflow vulnerabilities in the createwbmp and readwbmp functions in the GD graphics library (libgd). By creating a specially-crafted Wireless Bitmap (WBMP) image, a remote attacker could execute arbitrary code on the affected host or cause a denial of service, if the attacker could persuade the victim to view the malicious image.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php
http://www.securityfocus.com/archive/1/archive/1/464957/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded
http://www.frsirt.com/english/advisories/2007/1269
http://secunia.com/advisories/24814
http://secunia.com/advisories/24924
http://secunia.com/advisories/24965
http://secunia.com/advisories/24945
* Platforms Affected:
PHP versions prior to 4.4.7
PHP versions 5.x prior to 5.2.2
Any operating systems Any version |
| Recommendation |
Upgrade to the latest version of PHP (4.4.7 or 5.2.2 later), available from the PHP Web site at http://www.php.net |
| Related URL |
CVE-2007-1001 (CVE) |
| Related URL |
23357 (SecurityFocus) |
| Related URL |
33453 (ISS) |
|
