This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
The blowfish password hashing implementation did not properly handle
8-characters in passwords, which made it easier for attackers to crack
the hash (CVE-2011-2483). After this update existing hashes with id
'$2a$' for passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will either
have to change their password to store a new hash or the id of the
existing hash has to be manually changed to '$2x$' in order to
activate a compat mode. Please see the description of the
CVE-2011-2483 glibc update for details.
File uploads could potentially overwrite files owned by the user
running php (CVE-2011-2202).
A long salt argument to the crypt function could cause a buffer
See also :
Update the affected apache2-mod_php5 packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false