PHP Remote Code Execution And Denail Of Service Vulnerabilities Dec13 Network Vulnerability

Summary

This host is installed with PHP and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption). Impact Level: Application

Solution

Update to PHP version 5.3.28 or 5.4.23 or 5.5.7 or later. For updates refer to http://www.php.net

Insight

The flaw is due to a boundary error within the 'asn1_time_to_time_t' function in 'ext/openssl/openssl.c' when parsing X.509 certificates.

Affected

PHP versions before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7.

Detection

Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.

References

http://packetstormsecurity.com/files/124436/PHP-openssl_x509_parse-Memory-Corruption.html
http://secunia.com/advisories/56055
http://www.osvdb.com/100979

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6420

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
AdMentor Login Flaw
Apache Axis2 Document Type Declaration Processing Security Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
AVTECH DVR Multiple Vulnerabilities

PHP Remote Code Execution and Denail of Service Vulnerabilities Dec13

Take action and discover your vulnerabilities