Summary
This host is running PHP and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to spoof the server via a MitM (Man-in-the-Middle) attack and disclose potentially sensitive information.
Solution
Upgrade to PHP version 5.4.18 or 5.5.2 or later,
For updates refer to http://php.net
Insight
The flaw is due to the SSL module not properly handling NULL bytes inside 'subjectAltNames' general names in the server SSL certificate.
Affected
PHP versions before 5.4.18 and 5.5.x before 5.5.2 on Windows.
Detection
Get the installed version of PHP with the help of detect NVT and check it is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-4248 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability