PHP Multiple Vulnerabilities - Sep09 Network Vulnerability

Summary

This host is running PHP and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to spoof certificates and can cause unknown impacts in the context of the web application. Impact Level: Application

Solution

Upgrade to version 5.2.11 or later http://www.php.net/downloads.php

Insight

- An error in 'php_openssl_apply_verification_policy' function that does not properly perform certificate validation. - An input validation error exists in the processing of 'exif' data. - An unspecified error exists related to the sanity check for the color index in the 'imagecolortransparent' function.

Affected

PHP version prior to 5.2.11

References

http://secunia.com/advisories/36791
http://www.openwall.com/lists/oss-security/2009/09/20/1
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3291, CVE-2009-3292, CVE-2009-3293

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)

Take action and discover your vulnerabilities