VID |
22473 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Web server is running a version of PHP older than 5.2.7. PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded into HTML. PHP versions prior to 5.2.7 are reported to be prone to multiple vulnerabilities that attackers could exploit to bypass security checks, cause a denial of service, or execute arbitrary code via multiple buffer overflows.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  http://securityreason.com/achievement_securityalert/57
  http://securityreason.com/achievement_securityalert/58
  http://securityreason.com/achievement_securityalert/59
  http://www.sektioneins.de/advisories/SE-2008-06.txt
  http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html
  http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html
  http://www.openwall.com/lists/oss-security/2008/08/08/2
  http://www.openwall.com/lists/oss-security/2008/08/13/8
  http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html
  http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html
  http://bugs.php.net/bug.php?id=42862
  http://bugs.php.net/bug.php?id=45151
  http://bugs.php.net/bug.php?id=45722
  http://www.php.net/releases/5_2_7.php
  http://www.php.net/ChageLog-5.php#5.2.7
* Platforms Affected: PHP versions prior to 5.2.7; any operating system, any version |
Recommendation |
Upgrade to the latest version of PHP (5.2.7 or later), available from the PHP Web site at http://www.php.net |
Related URL |
CVE-2008-2371,CVE-2008-2665,CVE-2008-2666,CVE-2008-2829,CVE-2008-3658,CVE-2008-3659,CVE-2008-3660,CVE-2008-5557,CVE-2008-5624,CVE-2008-5625 (CVE) |
Related URL |
29796,29797,29829,30087,30649,31612,32383,32625,32688,32948 (SecurityFocus) |
Related URL |
(ISS) |
|