PHP 5.3.x < 5.3.27 Information Disclosure
Medium Nessus Network Monitor Plugin ID 6928
SynopsisThe remote web server uses a version of PHP that is affected by an information disclosure vulnerability.
DescriptionPHP versions 5.3.x earlier than 5.3.23 are affected by an information disclosure vulnerability.
The fix for CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitrary filesthe buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'
SolutionUpgrade to PHP version 5.3.27 or later.