PHP 'is_a()' Function Remote File Include Vulnerability Network Vulnerability

Summary

PHP is prone to a remote file-include vulnerability because it fails to properly implement the 'is_a()' function. Exploiting this issue may allow an attacker to compromise PHP applications using the affected function. This may also result in a compromise of the underlying system other attacks are also possible. PHP 5.3.7 and 5.3.8 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
http://www.php.net
https://bugs.php.net/bug.php?id=55475

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-3379

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Mac OS X
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe Acrobat Unspecified vulnerability

Take action and discover your vulnerabilities