SynopsisThe remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
DescriptionAccording to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.26. It is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to the Fileinfo extension and the bundled libmagic library that could allow denial of service attacks. (CVE-2014-1943)
- An error exists related to the Fileinfo extension and the process of analyzing Portable Executable (PE) format files that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2014-2270)
Note that this plugin does not attempt to exploit the vulnerabilities, but instead relies only on PHP's self-reported version number.
SolutionUpgrade to PHP version 5.4.26 or later.