icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP 5.3.x < 5.3.27 Information Disclosure

Medium

Synopsis

The remote web server uses a version of PHP that is affected by an information disclosure vulnerability.

Description

PHP versions 5.3.x earlier than 5.3.23 are affected by an information disclosure vulnerability. The fix for CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitrary filesthe buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'

Solution

Upgrade to PHP version 5.3.27 or later.