PHP 5.3.x < 5.3.27 Information Disclosure
Medium Log Correlation Engine Plugin ID 801404
SynopsisThe remote web server uses a version of PHP that is affected by an information disclosure vulnerability
DescriptionPHP versions 5.3.x earlier than 5.3.23 are affected by an information disclosure vulnerability.
The fix for CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitrary filesthe buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'
SolutionUpgrade to PHP version 5.3.27 or later.