PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS

medium Nessus Plugin ID 51439

Synopsis

The remote web server uses a version of PHP that is affected by a denial of service vulnerability.

Description

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.17 or 5.3.5.

Such versions may experience a crash while performing string to double conversion for certain numeric values. Only x86 32-bit PHP processes are known to be affected by this issue regardless of whether the system running PHP is 32-bit or 64-bit.

Solution

Upgrade to PHP 5.2.17/5.3.5 or later.

See Also

https://bugs.php.net/bug.php?id=53632

http://www.php.net/distributions/test_bug53632.txt

http://www.php.net/releases/5_2_17.php

http://www.php.net/releases/5_3_5.php

Plugin Details

Severity: Medium

ID: 51439

File Name: php_5_3_5.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 1/7/2011

Updated: 5/31/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 1/6/2011

Vulnerability Publication Date: 12/30/2010

Reference Information

CVE: CVE-2010-4645

BID: 45668