PHP < 5.2.13 Multiple Vulnerabilities Network Vulnerability

Summary

The remote web server has installed a PHP Version which is prone to Multiple Vulnerabilities. 1. A 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions. 2. A 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations or create files in any writable directory. 3. An unspecified security vulnerability that affects LCG entropy. PHP versions prior to 5.2.13 are affected.

Solution

Updates are available. Please see the references for details.

References

http://securityreason.com/achievement_securityalert/82
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272
http://www.php.net
http://www.php.net/releases/5_2_13.php
http://www.securityfocus.com/bid/38182
http://www.securityfocus.com/bid/38430
http://www.securityfocus.com/bid/38431

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1128, CVE-2010-1129

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
ASUS RT56U Router Multiple Vulnerabilities
ALCASAR Remote Code Execution Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities

Take action and discover your vulnerabilities