Summary
This host is running PHP and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input.
Impact Level: Network
Solution
Upgrade to PHP version 5.2.15 or later.
For updates, refer to http://www.php.net/downloads.php
Insight
The flaw is due to an error in the 'extract()' function: it does not prevent use of the 'EXTR_OVERWRITE' parameter to overwrite the GLOBALS superglobal array.
Affected
PHP versions prior to 5.2.15
References
Severity
Classification
CVE: CVE-2011-0752
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N