Detections
Analytics
PHP 5.x < 5.1.0 Multiple Vulnerabilities
medium Nessus Plugin ID 17711
Language:
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.Description
According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.0. Such versions may be affected by multiple vulnerabilities :- A cross-site scripting vulnerability exists in phpinfo().
- Multiple safe_mode/open_basedir bypass vulnerabilities exist in ext/curl and ext/gd.
- It is possible to overwrite $GLOBALS due to an issue in file upload handling, extract(), and import_request_variables().
- An issue exists when a request is terminated due to memory_limit constraints during certain parse_str() calls, which could lead to register globals being turned on.
- An issue exists with trailing slashes in allowed basedirs.
- An issue exists with calling virtual() on Apache 2, which allows an attacker to bypass certain configuration directives like safe_mode or open_basedir.
- A possible header injection exists in the mb_send_mail() function.
- The apache2handler SAPI in the Apache module allows attackers to cause a denial of service.
Solution
Upgrade to PHP version 5.1.0 or later.See Also
Plugin Details
Severity: Medium
ID: 17711
File Name: php_5_1_0.nasl
Version: 1.9
Type: remote
Family: CGI abuses
Published: 11/18/2011
Updated: 11/22/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Exploit Ease: No exploit is required
Patch Publication Date: 1/12/2006
Vulnerability Publication Date: 1/11/2006
Reference Information
CVE: CVE-2005-3319, CVE-2005-3883