Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded
http://artofhacking.com/files/phrack/phrack55/P55-07.TXT
http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
Insight
The following packages are affected:
php5
php52
CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Severity
Classification
CVE: CVE-2006-7243
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N