PHP 'extract()' Function Security Bypass Vulnerability Network Vulnerability

Summary

This host is running PHP and is prone to security bypass vulnerability.

Impact

Successful exploitation could allows remote attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input. Impact Level: Network

Solution

Upgrade to PHP version 5.2.15 or later For updates refer to http://www.php.net/downloads.php

Insight

The flaw is due to error in 'extract()' function, it does not prevent use of the 'EXTR_OVERWRITE' parameter to overwrite the GLOBALS superglobal array.

Affected

PHP version prior to 5.2.15

References

http://www.openwall.com/lists/oss-security/2010/12/13/4
http://www.php.net/releases/5_2_15.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0752

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities
Apache Tomcat DOS Device Name XSS
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
123 Flash Chat Multiple Security Vulnerabilities

Take action and discover your vulnerabilities