
PHP 5.5.x < 5.5.10 Multiple Vulnerabilities

High

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP versions earlier than 5.5.10 are potentially affected by the following vulnerabilities:

- An error related to the Fileinfo extension and the bundled libmagic library can be leveraged by an attacker for denial-of-service attacks (CVE-2014-1943)

- An error related to the Fileinfo extension and the process for analyzing Portable Executable (PE) format files could be leveraged by an attacker for arbitrary code execution or denial of service (CVE-2014-2270)

- The fix for CVE-2013-7327 was incomplete, and has since been rectified (Bug 66815)

Solution

Apply the vendor patch or upgrade to PHP version 5.5.10 or later.
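
A version-based finding like this one is only as good as the banner it reads. The following added example (not part of the original advisory or the plugin's own code) classifies a PHP version token from an HTTP header against the 5.5.10 threshold and separates plain upstream versions from packaged builds, where the vendor patch named in the Solution may already be applied without a version bump. The function name, status labels and sample headers are assumptions made for illustration.

```python
import re

# PHP version token as it appears in X-Powered-By or Server headers.
_PHP_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([A-Za-z0-9.+~-]*)")
_PRE_RE = re.compile(r"^-?(rc|alpha|beta|dev)", re.I)
FIXED = (5, 5, 10)  # first fixed 5.5.x release named in the advisory


def classify_php_banner(header_value):
    """Return (status, version) for one header value.

    no-php       no PHP version token present
    not-5.5      a branch this advisory does not cover
    fixed        5.5.10 or later
    affected     5.5.x ordered before 5.5.10 (5.5.10 pre-releases included)
    check-patch  5.5.x below 5.5.10 with a packaging suffix: the vendor may
                 have backported the fixes, so confirm at package level
    """
    m = _PHP_RE.search(header_value)
    if not m:
        return ("no-php", None)
    triple = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    version = "%d.%d.%d%s" % (triple + (suffix,))
    if triple[:2] != (5, 5):
        return ("not-5.5", version)
    prerelease = _PRE_RE.match(suffix) is not None
    if triple > FIXED:
        return ("fixed", version)
    if triple == FIXED:
        return ("affected" if prerelease else "fixed", version)
    if suffix and not prerelease:
        return ("check-patch", version)
    return ("affected", version)


# Constructed sample header values, not taken from any real host.
SAMPLE_HEADERS = [
    "PHP/5.5.9",
    "PHP/5.5.9-1ubuntu4.4",
    "Apache/2.4.7 (Unix) PHP/5.5.10",
    "PHP/5.5.10RC1",
    "PHP/5.4.26",
    "nginx/1.4.6",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print("%-35s %s" % (header, classify_php_banner(header)))
```

A host that sets `expose_php = Off` sends no PHP token at all, so a "no-php" result does not show that PHP is absent or patched.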