Summary
This host is running PHP and is prone to multiple security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact.
Impact Level: Application/Network
Solution
upgrade to PHP 5.3.4 or later
For updates refer to http://www.php.net/downloads.php
Insight
The flaws are caused to:
- An error in handling pathname which accepts the '?' character in a pathname.
- An error in 'iconv_mime_decode_headers()' function in the 'Iconv' extension.
- 'SplFileInfo::getType' function in the Standard PHP Library (SPL) extension, does not properly detect symbolic links in windows.
- Integer overflow in the 'mt_rand' function.
- Race condition in the 'PCNTL extension', when a user-defined signal handler exists.
Affected
PHP version prior to 5.3.4
References
Severity
Classification
-
CVE CVE-2006-7243, CVE-2010-4699, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability