Summary
PHP is installed on this host and is prone to multiple use-after-free vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct denial of service attacks or possibly have some other unspecified impact.
Impact Level: Application
Solution
Apply the patches from the links below:
http://git.php.net/?p=php-src.git;a=patch;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
http://git.php.net/?p=php-src.git;a=patch;h=df78c48354f376cf419d7a97f88ca07d572f00fb
*****
NOTE: Ignore this warning if the above-mentioned patch is installed.
*****
Insight
The flaws are due to a use-after-free error related to SPL iterators and ArrayIterators.
Affected
PHP version 5.x through 5.5.14
Detection
Get the installed version of PHP with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-4670, CVE-2014-4698
- CVSS Base Score: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P