PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
Critical Nessus Plugin ID 60085
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities:
- An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/streams.c'. (CVE-2012-2688)
- An unspecified error exists that can allow the 'open_basedir' constraint to be bypassed.

Solution
Upgrade to PHP version 5.3.15 or later.
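
The finding above rests on the version string in the server banner, so it is only as reliable as that banner. The following added example (not the Nessus plugin's code) reproduces that kind of check in Python for triage; the header samples are constructed, and the "check-package" verdict for vendor-suffixed builds is an assumption that a distribution may have backported the fix without changing the upstream version number.

```python
import re

FIXED = (5, 3, 15)  # first fixed 5.3.x release named in the advisory
BANNER_HEADERS = ("server", "x-powered-by")
# "PHP/5.3.14" plus an optional vendor suffix such as "-1ubuntu3"
PHP_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)(\S*)")

def parse_banner(headers):
    """Return ((major, minor, patch), suffix), or None if no PHP banner."""
    for name, value in headers.items():
        if name.lower() in BANNER_HEADERS:
            m = PHP_RE.search(value)
            if m:
                return tuple(int(g) for g in m.groups()[:3]), m.group(4)
    return None

def classify(headers):
    """Triage one response against the 5.3.x < 5.3.15 range."""
    parsed = parse_banner(headers)
    if parsed is None:
        return "unknown"        # banner hidden (e.g. expose_php = Off): no verdict
    version, suffix = parsed
    # Compare as integer tuples: as strings, "5.3.9" sorts after "5.3.15".
    if version[:2] != (5, 3) or version >= FIXED:
        return "not-affected"   # outside this advisory's range only
    # Assumption: a vendor suffix means the package changelog decides.
    return "check-package" if suffix else "affected"

# Constructed sample response headers, not captured from real hosts.
SAMPLES = {
    "plain-old": {"Server": "Apache/2.2.22 (Unix) PHP/5.3.14"},
    "single-digit-patch": {"X-Powered-By": "PHP/5.3.9"},
    "fixed": {"X-Powered-By": "PHP/5.3.15"},
    "vendor-build": {"X-Powered-By": "PHP/5.3.10-1ubuntu3"},
    "other-branch": {"X-Powered-By": "PHP/5.4.4"},
    "no-banner": {"Server": "nginx"},
}

def triage(samples):
    """Map each sample name to its verdict."""
    return {name: classify(h) for name, h in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:20} {verdict}")
```

An "unknown" or "check-package" result needs confirmation on the host itself, for example from the installed package version, before the finding is closed or escalated.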