Php < 4.3.8 Network Vulnerability

Summary

The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. PHP is a scripting language which acts as a module for Apache or as a standalone interpreter. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memory_limit is set. Another bug in the function strip_tags() may allow an attacker to bypass content-restrictions when submitting data and may lead to cross-site-scripting issues.

Solution

Upgrade to PHP 4.3.8

Severity

Classification

CVE CVE-2004-0594, CVE-2004-0595

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apple Safari Multiple Vulnerabilities

php < 4.3.8

Take action and discover your vulnerabilities