Summary
This host is running PHP and is prone to multiple information disclosure vulnerabilities.
Impact
Successful exploitation could allow local attackers to bypass certain security restrictions and to obtain sensitive information.
Impact Level: Network
Solution
Upgrade to PHP version 5.2.14 or later
For updates refer to http://www.php.net/downloads.php
Insight
Multiple flaws are due to:
- Error in 'trim()', 'ltrim()','rtrim()' and 'substr_replace()' functions, which causes a userspace interruption of an internal function within the call time pass by reference feature.
- Error in 'parse_str()', 'preg_match()', 'unpack()' and 'pack()' functions, 'ZEND_FETCH_RW()', 'ZEND_CONCAT()', and 'ZEND_ASSIGN_CONCAT()' opcodes, and the 'ArrayObject::uasort' method, trigger memory corruption by causing a userspace interruption of an internal function or handler.
Affected
PHP version 5.2 through 5.2.13 and 5.3 through 5.3.2
References
Severity
Classification
-
CVE CVE-2010-2190, CVE-2010-2191 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities