The remote Debian host is missing a security-related update.
Multiple vulnerabilities have been discovered in PHP : - CVE-2015-4025 / CVE-2015-4026 Multiple function didn't check for NULL bytes in path names. - CVE-2015-4024 Denial of service when processing multipart/form-data requests. - CVE-2015-4022 Integer overflow in the ftp_genlist() function may result in denial of service or potentially the execution of arbitrary code. - CVE-2015-4021 CVE-2015-3329 CVE-2015-2783 Multiple vulnerabilities in the phar extension may result in denial of service or potentially the execution of arbitrary code when processing malformed archives.
Upgrade the php5 packages. For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1. For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.