PHP Multiple Vulnerabilities - Sep11 (Windows)

Information

Severity

Critical

Family

Web application abuses

CVSSv2 Base

10.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

12 years ago

Modified

5 years ago

Summary

This host is running PHP and is prone to multiple vulnerabilities.

Insight

Multiple flaws are due to:

- Improper handling of passwords with 8-bit characters by the 'crypt_blowfish' function.
- An error in the 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions in the ext/zip/php_zip.c file, which allows remote attackers to cause a denial of service via certain flags arguments.
- Improper validation of the return values of the malloc, calloc and realloc library functions.
- Improper implementation of the error_log function.

Affected Software

PHP versions prior to 5.3.7 on Windows

Solution

Upgrade to PHP version 5.3.7 or later.

Common Vulnerabilities and Exposures (CVE)