This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP
before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not
properly parse (1) notBefore and (2) notAfter timestamps in X.509
certificates, which allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted
certificate that is not properly handled by the openssl_x509_parse
See also :
Run 'yum update php' to update your system.
Risk factor :
High / CVSS Base Score : 7.5
Family: Amazon Linux Local Security Checks
Nessus Plugin ID: 71574 ()
CVE ID: CVE-2013-6420
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.