| VID |
22587 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities:
- An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings (Bug #64879)
- An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895)
Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
http://www.php.net/ChangeLog-5.php#5.3.26
* Platforms Affected:
PHP Prior to 5.3.26
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP (5.3.26 or later), available from the PHP Web site at http://www.php.net/ |
| Related URL |
CVE-2013-2110,CVE-2013-4635 (CVE) |
| Related URL |
60411,60731 (SecurityFocus) |
| Related URL |
(ISS) |
|
