Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the PHP 5.5.x installation on the remote host is a version prior to 5.5.10. It is, therefore, potentially affected by the following vulnerabilities:
- An error exists related to the Fileinfo extension and the bundled libmagic library that could allow denial of service attacks. (CVE-2014-1943)
- An error exists related to the Fileinfo extension and the process of analyzing Portable Executable (PE) format files that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2014-2270)
- The fix for CVE-2013-7327 was incomplete and NULL pointers can still be dereferenced. (Bug #66815)
Note that this plugin does not attempt to exploit these issues, but instead relies only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.5.10 or later.