PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3982

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a version of PHP lower than 4.4.7 or 5.2.2. This version is vulnerable to a number of remote issues. At least one of these issues is related to a buffer overflow attack. An attacker exploiting these flaws would be able to impact confidentiality, integrity, and availability.

Solution

Upgrade to version 4.4.7, 5.2.2 or higher.

See Also

http://www.php.net/releases/4_4_7.php

http://www.php.net/releases/5_2_2.php

http://www.php.net

Plugin Details

Severity: High

ID: 3982

Family: Web Servers

Published: 2007/05/04

Modified: 2018/09/16

Dependencies: 8728, 8682

Nessus ID: 25159

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2007/05/03

Vulnerability Publication Date: 2007/05/03

Reference Information

CVE: CVE-2007-0455, CVE-2007-0911, CVE-2007-1001, CVE-2007-1285, CVE-2007-1375, CVE-2007-1396, CVE-2007-1399, CVE-2007-1412, CVE-2007-1413, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484, CVE-2007-1521, CVE-2007-1522, CVE-2007-1581, CVE-2007-1582, CVE-2007-1583, CVE-2007-1649, CVE-2007-1709, CVE-2007-1710, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1883, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511, CVE-2007-2727, CVE-2007-2748, CVE-2007-3998, CVE-2007-4670

BID: 22886, 22289, 22764, 22851, 22893, 22897, 22968, 22971, 22990, 23016, 23062, 23145, 23146, 23357, 23813, 23818, 23984, 24034, 24012