<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This one is on 5106R but has client hosted php 5.3.8 on the server
php is 5.1.6<br>
<br>
<br>
Description: vulnerable PHP version: 5.3.8
Severity: Area of Concern
CVE: <a class="test" target="_blank"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885">CVE-2011-4885</a>
Impact: Remote attackers may be able to gain unauthorized access to
the web server, cause a denial of service<span style=""> or
information disclosure, or execute arbitrary code.
Resolution
PHP should be [<a class="test"
href="http://www.php.net/downloads.php">http://www.php.net/downloads.php</a>]
upgraded
to 5.2.17 or higher for 5.2.x, to 5.3.10 or higher for 5.3.x, and
to a version higher than 6.0 dev for 6.0.x when available.
Note that the PHP project announced the end of support for PHP 5.2
with the release of
[<a class="test"
href="http://www.php.net/archive/2010.php#id2010-12-16-1">http://www.php.net/archive/2010.php#id2
010-12-16-1</a>] PHP 5.2.16
on 2010 December 16.
Although there was a
[<a class="test"
href="http://www.php.net/archive/2011.php#id2011-01-06-1">http://www.php.net/archive/2011.php#id2
011-01-06-1</a>] PHP 5.2.17
release to fix a critical problem on certain vulnerable platforms
(<a class="test" target="_blank"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4645">CVE-2010-4645</a>),
the
PHP project encourages users of PHP 5.2 to upgrade to 5.3, and
offers a
[<a class="test" href="http://us.php.net/migration53">http://us.php.net/migration53</a>]
guide to migrating from 5.2 to 5.3.
Vulnerability Details: Service: http
Sent: GET
/scripts/ HTTP/1.0
Host: <a class="moz-txt-link-abbreviated" href="http://www.mydomain.com">www.mydomain.com</a>
User-Agent: Mozilla/4.0
Received: X-Powered-By: PHP/5.3.8 </span><span style="color:
rgb(47, 69, 92); font-size: 10px; cursor: pointer;"
onclick="this.previousSibling.previousSibling.style.display='none';
this.previousSibling.style.display=''; this.style.display='none';"><br>
</span><br>
<br>
<br>
<pre class="moz-signature" cols="72">--
+---------------------------------------------+
Richard C. Barker Sr.
</pre>
</body>
</html>