Summary
This host is running PHP and is prone to multiple security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact.
Impact Level: Application/Network
Solution
upgrade to PHP 5.3.4 or later
For updates refer to http://www.php.net/downloads.php
Insight
The flaws are caused to:
- An error in handling pathname which accepts the '?' character in a pathname.
- An error in 'iconv_mime_decode_headers()' function in the 'Iconv' extension.
- 'SplFileInfo::getType' function in the Standard PHP Library (SPL) extension, does not properly detect symbolic links in windows.
- Integer overflow in the 'mt_rand' function.
- Race condition in the 'PCNTL extension', when a user-defined signal handler exists.
Affected
PHP version prior to 5.3.4
References
Severity
Classification
-
CVE CVE-2006-7243, CVE-2010-4699, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability