Summary
This host has PHP installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
Impact Level: Application
Solution
Apply the patch or upgrade to the latest version:
http://www.php.net/downloads.php
https://bugs.php.net/bug.php?id=61413
*****
NOTE: Ignore this warning if the above-mentioned patch has been manually applied.
*****
Insight
The flaw is due to an error in the 'openssl_encrypt()' function when handling empty $data strings, which allows an attacker to gain access to arbitrary pieces of information in current memory.
Affected
PHP version 5.3.9 through 5.3.13 on Windows
References
Severity
Classification
CVE: CVE-2012-6113
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability