Summary
This host is installed with PHP and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to overwrite arbitrary files, conduct denial of service attacks or potentially execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to PHP version 5.4.32 or 5.5.16 or later,
For updates refer to http://php.net
Insight
The flaws exist due to,
- Multiple overflow conditions in the 'php_parserr' function within ext/standard/dns.c script.
- Integer overflow in the 'cdf_read_property_info' function in cdf.c within the Fileinfo component.
- An error in the '_php_image_output_ctx' function within ext/gd/gd_ctx.c script as NULL bytes in paths to various image handling functions are not stripped.
Affected
PHP version 5.4.x before 5.4.32 and 5.5.x before 5.5.16
Detection
Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-3587, CVE-2014-3597, CVE-2014-5120 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- /doc directory browsable ?