| Nessus Plugin ID: 31649 | Name: PHP < 5.2 Multiple Vulnerabilities |
| CVE References: CVE-2006-5465 (cve.mitre.org, nvd.nist.gov)  |
| SANS/FBI TOP20 Reference: |
| Group/Family: CGI abuses |
| Risk: High |
Description:
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple buffer overflows.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several
buffer overflows.
To exploit these issues, an attacker would need either the ability to
upload an arbitrary PHP script to the remote server or the ability to
manipulate several variables processed by some PHP functions such as
htmlentities().
See also :
http://www.php.net/releases/5_2_0.php
Solution :
Upgrade to PHP version 5.2.0 or later.
CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
| Created: 2008-12-29 13:11:36 | Last Changed: 2009-11-20 22:04:14 |