Summary
This host is running PHP and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to delete files from the root directory, which may aid in further attacks.
Impact Level: System/Application
Solution
Upgrade to PHP version 5.3.7 or later.
For updates refer to http://www.php.net/downloads.php
Insight
The flaw is due to an error in the 'SAPI_POST_HANDLER_FUNC()' function in rfc1867.c when handling files via a 'multipart/form-data' POST request, which allows an attacker to bypass security restrictions.
Affected
PHP versions prior to 5.3.7
References
Severity
Classification
- CVE: CVE-2011-2202
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P