PHP 'is_a()' Function Remote File Include Vulnerability Network Vulnerability

Summary

PHP is prone to a remote file-include vulnerability because it fails to properly implement the 'is_a()' function. Exploiting this issue may allow an attacker to compromise PHP applications using the affected function. This may also result in a compromise of the underlying system other attacks are also possible. PHP 5.3.7 and 5.3.8 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
http://www.php.net
https://bugs.php.net/bug.php?id=55475

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-3379

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)

Take action and discover your vulnerabilities