SynopsisThe remote web server uses a version of PHP that is potentially affected by an information disclosure vulnerability.
DescriptionAccording to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.13. It is, therefore, potentially affected by an information disclosure vulnerability. The 5.4.12 fix for CVE-2013-1635 / CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitraryfiles.
Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.
SolutionUpgrade to PHP version 5.4.13 or later.