php -- multiple vulnerabilities

Information

Severity: Critical
Family: FreeBSD Local Security Checks
CVSSv2 Base: 10.0
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type: Vendor Patch
Created: 14 years ago
Modified: 6 years ago

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

The following packages are affected: mod_php4-twig, php4-cgi, php4-cli, php4-dtc, php4-horde, php4-nms, php4, mod_php, mod_php4, php5, php5-cgi, php5-cli, mod_php5

CVE-2004-1019: The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger 'information disclosure, double free and negative reference index array underflow' results.

CVE-2004-1065: Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Solution

Update your system with the appropriate patches or software upgrades.

http://secunia.com/advisories/13481/
http://www.php.net/release_4_3_10.php
http://www.hardened-php.net/advisories/012004.txt
http://www.vuxml.org/freebsd/d47e9d19-5016-11d9-9b5f-0050569f0001.html

Common Vulnerabilities and Exposures (CVE)