PHP 5.4.x < 5.4.24 Multiple Vulnerabilities
Medium Nessus Plugin ID 71927
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.24. It is, therefore, potentially affected by the following vulnerabilities:
- A heap-based buffer overflow error exists in the file 'ext/date/lib/parse_iso_intervals.c' related to handling DateInterval objects that could allow denial of service attacks. (CVE-2013-6712)
- An integer overflow error exists in the function 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c' that could allow denial of service attacks or arbitrary memory reads. (Bug #65873)
Note that this plugin does not attempt to exploit the vulnerabilities, but instead relies only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.4.24 or later.