PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities

high Nessus Plugin ID 25159

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote web server uses a version of PHP that is affected by multiple flaws.

Description

According to its banner, the version of PHP installed on the remote host is older than 4.4.7 / 5.2.2. Such versions may be affected by several issues, including buffer overflows in the GD library.

Solution

Upgrade to PHP 4.4.7 / 5.2.2 or later.

See Also

http://www.php.net/releases/4_4_7.php

http://www.php.net/releases/5_2_2.php

Plugin Details

Severity: High

ID: 25159

File Name: php_4_4_7_or_5_2_2.nasl

Version: 1.38

Type: remote

Family: CGI abuses

Published: 5/4/2007

Updated: 1/19/2021

Dependencies: php_version.nasl

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP, Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0455, CVE-2007-0911, CVE-2007-1001, CVE-2007-1521, CVE-2007-1285, CVE-2007-1375, CVE-2007-1396, CVE-2007-1399, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484, CVE-2007-1522, CVE-2007-1582, CVE-2007-1583, CVE-2007-1709, CVE-2007-1710, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1883, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511, CVE-2007-2727, CVE-2007-2748, CVE-2007-3998, CVE-2007-4670

BID: 22289, 22764, 22990, 23357, 23813, 23818, 23984, 24012

CWE: 20, 119