
PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities

High

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.3 / 5.2.14. Such versions are potentially affected by multiple vulnerabilities:

- An information disclosure vulnerability in var_export() when a fatal error occurs.

- A resource destruction issue in shm_put_var().

- A possible information leak because of an interruption of the XOR operator.

- A memory corruption issue caused by an unexpected call-time pass by reference and the subsequent memory clobbering through callbacks.

- A memory corruption issue in ArrayObject::uasort().

- A memory corruption issue in parse_str().

- A memory corruption issue in pack().

- A memory corruption issue in substr_replace().

- A memory corruption issue in addcslashes().

- A stack exhaustion issue in fnmatch().

- A buffer overflow vulnerability in the dechunking filter.

- An arbitrary memory access issue in the sqlite extension.

- A string format validation issue in the phar extension.

- An unspecified issue relating to the handling of session variable serialization on certain prefix characters.

- A NULL pointer dereference issue when processing invalid XML-RPC requests.

- An unserialization issue in SplObjectStorage.

- Buffer overflow vulnerabilities in mysqlnd_list_fields and mysqlnd_change_user.

- Buffer overflows when handling error packets in mysqlnd.

Solution

Upgrade to PHP version 5.2.14, 5.3.3, or later.
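
The banner check described above can be reproduced when triaging this finding. The following is an added example, not the scanner's own code. It assumes the version appears as a PHP/x.y.z token in the Server or X-Powered-By header value, treats 5.2.14 and 5.3.3 as the fixed release of their respective branches, and flags versions carrying a distribution suffix for manual verification, since patches may have been backported without a version bump.

```python
import re

# Fixed releases named in the Solution section, keyed by (major, minor) branch.
FIXED = {(5, 2): (5, 2, 14), (5, 3): (5, 3, 3)}

# Matches "PHP/5.2.13", "PHP/5.3.2-1ubuntu4.30", etc. in Server / X-Powered-By values.
PHP_TOKEN = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)", re.IGNORECASE)


def php_version(header_value):
    """Return ((major, minor, patch), suffix) from a banner, or None if no PHP token."""
    m = PHP_TOKEN.search(header_value)
    if not m:
        return None
    return tuple(int(x) for x in m.groups()[:3]), m.group(4)


def classify(header_value):
    """Classify a banner as 'affected', 'not-affected', 'verify' or 'unknown'."""
    parsed = php_version(header_value)
    if parsed is None:
        # Banner hidden (e.g. expose_php = Off): the version must be checked another way.
        return "unknown"
    version, suffix = parsed
    branch = version[:2]
    if branch in FIXED:
        affected = version < FIXED[branch]
    else:
        # Assumption: branches older than 5.2 never got the fixes; newer ones include them.
        affected = version < FIXED[(5, 2)]
    if affected and suffix:
        # A distro suffix may mean backported patches: confirm with the package changelog.
        return "verify"
    return "affected" if affected else "not-affected"


# Constructed sample header values, not taken from a real host.
SAMPLES = [
    "PHP/5.2.13",
    "Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.30",
    "PHP/5.3.3",
    "PHP/5.2.17",
    "Apache/2.2.3 (CentOS)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):13} {s}")
```

An "unknown" result only means the banner did not reveal a version; the installed package version still has to be compared against 5.2.14 / 5.3.3 on the host itself.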