Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 5.3.x < 5.3.27 Information Disclosure

Medium

Synopsis

The remote web server uses a version of PHP that is affected by an information disclosure vulnerability

Description

PHP versions 5.3.x earlier than 5.3.23 are affected by an information disclosure vulnerability. The fix for CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitrary filesthe buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'

Solution

Upgrade to PHP version 5.3.27 or later.