PHP Multiple Buffer Overflow Vulnerabilities - Jan15 Network Vulnerability

Summary

This host is installed with PHP and is prone to denial of service and arbitrary code execution vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service or possibly execute arbitrary code. Impact Level: Application

Solution

Upgrade to PHP version 5.2.7 or later

Insight

The multiple flaws are due to - Improper validation of user supplied input passed to date_from_ISO8601() function in xmlrpc.c - including a timezone field in a date, leading to improper XML-RPC encoding.

Affected

PHP versions 5.2.x before 5.2.7

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://openwall.com/lists/oss-security/2014/11/06/3
http://osvdb.org/114250
https://bugs.php.net/bug.php?id=45226

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8626

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AstroSPACES profile.php SQL Injection Vulnerability
b2Evolution title SQL Injection
Agora CGI Cross Site Scripting
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities

Take action and discover your vulnerabilities