Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 5.5.x < 5.5.2 Multiple Vulnerabilities

Medium

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP versions earlier than 5.5.2 are affected by the following vulnerabilities :

- An error exists related to the 'Sessions' subsystem that can allow an attacker to hijack the session of another user. (CVE-2011-4718 / Bug #60491)

- An error exists related to certificate validation, the 'subjectAltName' field and certificates containing NULL bytes. This error can allow spoofing attacks. (CVE-2013-4248)

Solution

Apply the vendor patch or upgrade to PHP version 5.5.2 or later.