PHP Denial Of Service Vulnerability - June13 (Windows) Network Vulnerability

Summary

This host is running PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow attackers to cause denial of service (invalid pointer dereference and application crash) via an MP3 file. Impact Level: Application

Solution

Upgrade to PHP 5.4.16 or later, For updates refer to http://www.php.net/downloads.php

Insight

Flaw in 'mget' function in libmagic/softmagic.c, which triggers incorrect MIME type detection during access to an finfo object.

Affected

PHP version before 5.4.X before 5.4.16

References

http://bugs.php.net/bug.php?id=64830
http://www.php.net/ChangeLog-5.php
http://www.security-database.com/detail.php?alert=CVE-2013-4636

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4636

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
aMSN session hijack vulnerability (Windows)
Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
Apache /server-info accessible

PHP Denial of Service Vulnerability - June13 (Windows)

Take action and discover your vulnerabilities