Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that the PHP xmlrpc extension did not correctly
check heap memory allocation sizes. A remote attacker could send a
specially crafted request to a PHP application using xmlrpc and
execute arbitrary code as the Apache user. (CVE-2007-1864)
Stefan Esser discovered a flaw in the random number initialization of
the PHP SOAP extension. This could lead to remote attackers being able
to predict certain elements of the authentication mechanism.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5