Summary
This host is installed with PHP and is prone to security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to gain sensitive information via a crafted request.
Impact Level: Application
Solution
Upgrade to PHP Version 5.3.10 or later,
For updates refer to http://php.net/downloads.php
Insight
The flaw is due to an error in importing environment variables, it not properly performing a temporary change to the 'magic_quotes_gpc' directive during the importing of environment variables.
Affected
PHP Version 5.3.9 and prior on windows.
References
Severity
Classification
-
CVE CVE-2012-0831 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Media Server Video Stream Capture Security Issue
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
- Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)