VID: 22588
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description: According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.16. It is therefore potentially affected by the following vulnerabilities:

- An error exists in the mimetype detection of 'mp3' files that could lead to a denial of service. (Bug #64830)

- An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings. (Bug #64879)

- An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895)

Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive.

* References:
https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
http://www.php.net/ChangeLog-5.php#5.4.16

* Platforms Affected:
PHP prior to 5.4.16
Any operating system, any version
Recommendation: Upgrade to the latest version of PHP (5.4.16 or later), available from the PHP Web site at http://www.php.net/
Related URL: CVE-2013-2110, CVE-2013-4635, CVE-2013-4636 (CVE)
Related URL: 60411, 60728, 60731 (SecurityFocus)