Summary
This host is running PHP and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service.
Impact Level: Application
Solution
Upgrade to PHP version 5.3.8 or later.
For updates refer to http://www.php.net/downloads.php
Insight
Multiple flaws are due to,
- Improper handling of passwords with 8-bit characters by 'crypt_blowfish' function.
- An error in 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions in ext/zip/php_zip.c file allows remote attackers to cause denial of service via certain flags arguments.
- Improper validation of the return values of the malloc, calloc and realloc library functions.
- Improper implementation of the error_log function.
Affected
PHP version prior to 5.3.7
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-1657, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)