Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities


Vulnerability Assessment Details

PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks version of PHP

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 4.4.3 / 5.1.4. Such versions may be affected by
several issues, including a buffer overflow, heap corruption, and a
flaw by which a variable may survive a call to 'unset()'.

See also :

http://www.securityfocus.com/archive/1/20060409192313.20536.qmail@securityfocus.com
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded
http://www.php.net/release_4_4_3.php
http://www.php.net/release_5_1_3.php
http://www.php.net/release_5_1_4.php

Solution :

Upgrade to PHP version 4.4.3 / 5.1.4 or later.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 17296, 17362, 17439, 17843, 18116, 18645

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors

Gagabyte MB with CPU 2.8MB and 4MB memory GA-EP-UD3L 
$19.99
Gagabyte MB with CPU 2.8MB and 4MB memory GA-EP-UD3L  pictureHP 500207-071 16GB 4RX4 PC3-8500R ECC REG SERVER MEMORY - OEM QTYS AVAILABLE
$21.99
HP 500207-071 16GB  4RX4 PC3-8500R ECC REG SERVER MEMORY - OEM  QTYS AVAILABLE pictureIBM 41Y2857 4G MEMORY PC2-3200R 30R5145 43X5030 512MX72 RAM LOT OF 8, 32GB
$24.95
IBM 41Y2857 4G MEMORY PC2-3200R 30R5145 43X5030 512MX72 RAM LOT OF 8, 32GB pictureCrucial PC2-5300 (DDR2-667) 1 GB UDIMM 667 MHz PC2-5300 DDR2 RAM Memory...
$1.7
Crucial PC2-5300 (DDR2-667) 1 GB UDIMM 667 MHz PC2-5300 DDR2 RAM Memory... picture


Discussions

No Discussions have been posted on this vulnerability.