<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    This one is on 5106R but has client hosted php 5.3.8 on the server
    php is 5.1.6<br>
    <br>
    <br>
    Description: vulnerable PHP version: 5.3.8
    Severity: Area of Concern
    CVE: <a class="test" target="_blank"
      href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885">CVE-2011-4885</a>
    Impact: Remote attackers may be able to gain unauthorized access to
    the web server, cause a denial of service<span style=""> or
      information disclosure, or execute arbitrary code.
      Resolution
      PHP should be [<a class="test"
        href="http://www.php.net/downloads.php">http://www.php.net/downloads.php</a>]
      upgraded
      to 5.2.17 or higher for 5.2.x, to 5.3.10 or higher for 5.3.x, and
      to a version higher than 6.0 dev for 6.0.x when available.
      Note that the PHP project announced the end of support for PHP 5.2
      with the release of
      [<a class="test"
        href="http://www.php.net/archive/2010.php#id2010-12-16-1">http://www.php.net/archive/2010.php#id2
        010-12-16-1</a>] PHP 5.2.16
      on 2010 December 16.
      Although there was a
      [<a class="test"
        href="http://www.php.net/archive/2011.php#id2011-01-06-1">http://www.php.net/archive/2011.php#id2
        011-01-06-1</a>] PHP 5.2.17
      release to fix a critical problem on certain vulnerable platforms
      (<a class="test" target="_blank"
        href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4645">CVE-2010-4645</a>),
the
      PHP project encourages users of PHP 5.2 to upgrade to 5.3, and
      offers a
      [<a class="test" href="http://us.php.net/migration53">http://us.php.net/migration53</a>]
      guide to migrating from 5.2 to 5.3.
      Vulnerability Details: Service: http
      Sent: GET
       /scripts/ HTTP/1.0
      Host: <a class="moz-txt-link-abbreviated" href="http://www.mydomain.com">www.mydomain.com</a>
      User-Agent: Mozilla/4.0
      Received: X-Powered-By: PHP/5.3.8 </span><span style="color:
      rgb(47, 69, 92); font-size: 10px; cursor: pointer;"
      onclick="this.previousSibling.previousSibling.style.display='none';
      this.previousSibling.style.display=''; this.style.display='none';"><br>
    </span><br>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
+---------------------------------------------+
 Richard C. Barker Sr.
</pre>
  </body>
</html>