Summary
This host is running PHP and is prone to multiple information disclosure vulnerabilities.
Impact
Successful exploitation could allow local attackers to bypass certain security restrictions and to obtain sensitive information.
Impact Level: Network
Solution
Upgrade to PHP version 5.2.14 or later.
For updates, refer to http://www.php.net/downloads.php
Insight
Multiple flaws are due to:
- An error in the 'trim()', 'ltrim()', 'rtrim()' and 'substr_replace()' functions, which causes a userspace interruption of an internal function within the call-time pass-by-reference feature.
- An error in the 'parse_str()', 'preg_match()', 'unpack()' and 'pack()' functions, the 'ZEND_FETCH_RW()', 'ZEND_CONCAT()' and 'ZEND_ASSIGN_CONCAT()' opcodes, and the 'ArrayObject::uasort' method, which trigger memory corruption by causing a userspace interruption of an internal function or handler.
Affected
PHP version 5.2 through 5.2.13 and 5.3 through 5.3.2
Severity
Classification
- CVE: CVE-2010-2190, CVE-2010-2191
- CVSS Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)