PHP 5.x < 5.1.0 Multiple Vulnerabilities

medium Nessus Plugin ID 17711

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.0. Such versions may be affected by multiple vulnerabilities :

- A cross-site scripting vulnerability exists in phpinfo().

- Multiple safe_mode/open_basedir bypass vulnerabilities exist in ext/curl and ext/gd.

- It is possible to overwrite $GLOBALS due to an issue in file upload handling, extract(), and import_request_variables().

- An issue exists when a request is terminated due to memory_limit constraints during certain parse_str() calls, which could lead to register globals being turned on.

- An issue exists with trailing slashes in allowed basedirs.

- An issue exists with calling virtual() on Apache 2, which allows an attacker to bypass certain configuration directives like safe_mode or open_basedir.

- A possible header injection exists in the mb_send_mail() function.

- The apache2handler SAPI in the Apache module allows attackers to cause a denial of service.

Solution

Upgrade to PHP version 5.1.0 or later.

See Also

http://www.php.net/releases/5_1_0.php

Plugin Details

Severity: Medium

ID: 17711

File Name: php_5_1_0.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 11/18/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Exploit Ease: No exploit is required

Patch Publication Date: 1/12/2006

Vulnerability Publication Date: 1/11/2006

Reference Information

CVE: CVE-2005-3319, CVE-2005-3883

BID: 15177, 15571

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990