Summary
PHP is installed on this host and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
Impact Level: Application
Solution
Apply the patch or upgrade to the latest version:
http://www.php.net/downloads.php
https://bugs.php.net/bug.php?id=61413
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to an error in the 'openssl_encrypt()' function when handling empty $data strings, which allows an attacker to gain access to arbitrary pieces of information in current memory.
Affected
PHP versions 5.3.9 through 5.3.13 on Windows
References
Severity
Classification
CVE: CVE-2012-6113
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N