VID |
22588 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.16. It is, therefore, potentially affected by the following vulnerabilities:
- An error exists in the mimetype detection of 'mp3' files that could lead to a denial of service. (Bug #64830)
- An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings (Bug #64879)
- An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895)
Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 http://www.php.net/ChangeLog-5.php#5.4.16
* Platforms Affected: PHP Prior to 5.4.16 Any operating system Any version |
Recommendation |
Upgrade to the latest version of PHP (5.4.16 or later), available from the PHP Web site at http://www.php.net/ |
Related URL |
CVE-2013-2110,CVE-2013-4635,CVE-2013-4636 (CVE) |
Related URL |
60411,60728,60731 (SecurityFocus) |
Related URL |
(ISS) |
|