Detections
Analytics
PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
high Nessus Plugin ID 20111
Language:
Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.Description
According to its banner, the version of PHP installed on the remote host is older than 4.4.1 or 5.0.6. Such versions fail to protect the '$GLOBALS' superglobals variable from being overwritten due to weaknesses in the file upload handling code as well as the 'extract()' and 'import_request_variables()' functions. Depending on the nature of the PHP applications on the affected host, exploitation of this issue may lead to any number of attacks, including arbitrary code execution.In addition, these versions may enable an attacker to exploit an integer overflow flaw in certain certain versions of the PCRE library, to enable PHP's 'register_globals' setting even if explicitly disabled in the configuration, and to launch cross-site scripting attacks involving PHP's 'phpinfo()' function.
Solution
Upgrade to PHP version 4.4.1 / 5.0.6 or later.See Also
http://www.hardened-php.net/advisory_182005.77.html
http://www.hardened-php.net/advisory_192005.78.html
Plugin Details
Severity: High
ID: 20111
File Name: php_4_4_1.nasl
Version: 1.26
Type: remote
Family: CGI abuses
Published: 11/1/2005
Updated: 5/28/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 8/20/2005
Reference Information
CVE: CVE-2002-0229, CVE-2005-2491, CVE-2005-3388, CVE-2005-3389, CVE-2005-3390