Summary
The host is running PHP and is prone to a memory information disclosure vulnerability.
Impact
Successful exploitation could let the attacker read the contents of arbitrary memory locations through a crafted value for an indexed image.
Impact Level: Application
Solution
Upgrade to PHP version 5.2.9 or later.
For updates refer to http://www.php.net/
Insight
The flaw is due to improper validation of the bgd_color or clrBack argument in the imageRotate function.
Affected
PHP versions 5.x to 5.2.8 on all platforms.
References
Severity
Classification
- CVE: CVE-2008-5498
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N