SynopsisThe remote web server uses an outdated version of PHP, leaving it vulnerable to several issues.
DescriptionVersions earlier than 5.6.2, 5.5.18, and 5.4.34 are exposed to the following issues :
- An array indexing flaw in the 'date_from_ISO8601()' function in ext/xmlrpc/libxmlrpc/xmlrpc.c could be used to disclose memory content (CVE-2014-3668)
- A memory corruption vulnerability when processing thumbnails in the 'exif_ifd_make_value()' function of ext/exif/exif.c could potentially crash the system or be a vector for remote code execution (CVE-2014-3670)
- An integer overflow condition in the 'object_custom()' function in ext/standard/var_unserializer.re can cause a crash (CVE-2014-3669)
- Memory content disclosure in ext/curl/interface.c when handling NULL bytes ('\0') in cURL options.
SolutionApply the vendor's patch, or upgrade to the latest version. These issues have been fixed in versions 5.6.2, 5.5.18, and 5.4.34.