Summary
PHP is installed on this host and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation could allow remote attackers to cause denial of service conditions.
Impact Level: Application
Solution
Upgrade to PHP version 5.4.0 or later.
For updates, refer to http://php.net/downloads.php
Insight
Multiple flaws are due to:
- An error in the application, which calls the 'zend_strndup()' function without checking the return values. A local user can run specially crafted PHP code to trigger a NULL pointer dereference in zend_strndup() and cause the target service to crash.
- An error in the 'tidy_diagnose' function, which might allow remote attackers to cause a denial of service via crafted input.
Affected
PHP Version 5.3.8 on Windows.
Severity
Classification
CVE: CVE-2011-4153, CVE-2012-0781
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P