The host is installed with PHP, that is prone to multiple vulnerabilities.

Successful exploitation could result in remote arbitrary code execution, security restrictions bypass, access to restricted files, denial of service. Impact Level: System

Upgrade to PHP version 5.2.6 or above, http://www.php.net/downloads.php

The flaws are caused by, - an unspecified stack overflow error in FastCGI SAPI (fastcgi.c). - an error during path translation in cgi_main.c. - an error with an unknown impact/attack vectors. - an unspecified error within the processing of incomplete multibyte characters in escapeshellcmd() API function. - error in curl/interface.c in the cURL library(libcurl), which could be exploited by attackers to bypass safe_mode security restrictions. - an error in PCRE. i.e buffer overflow error when handling a character class containing a very large number of characters with codepoints greater than 255(UTF-8 mode).

PHP version prior to 5.2.6

• http://pcre.org/changelog.txt
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
• http://www.php.net/ChangeLog-5.php

---

Updated on 2015-03-25