[BlueOnyx:10454] More PCI DSS Issues

Richard Barker rc at probass.com
Sun May 6 08:54:12 -05 2012


This one is on 5106R but has client-hosted PHP 5.3.8; on the server, PHP 
is 5.1.6.


Description: vulnerable PHP version: 5.3.8
Severity: Area of Concern
CVE: CVE-2011-4885
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885>

Impact: Remote attackers may be able to gain unauthorized access to the
web server, cause a denial of service or information disclosure, or
execute arbitrary code.

Resolution: PHP should be upgraded <http://www.php.net/downloads.php> to
5.2.17 or higher for 5.2.x, to 5.3.10 or higher for 5.3.x, and to a
version higher than 6.0 dev for 6.0.x when available. Note that the PHP
project announced the end of support for PHP 5.2 with the release of
PHP 5.2.16 <http://www.php.net/archive/2010.php#id2010-12-16-1> on 2010
December 16. Although there was a PHP 5.2.17 release
<http://www.php.net/archive/2011.php#id2011-01-06-1> to fix a critical
problem on certain vulnerable platforms (CVE-2010-4645
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4645>), the
PHP project encourages users of PHP 5.2 to upgrade to 5.3, and offers a
guide to migrating from 5.2 to 5.3 <http://us.php.net/migration53>.

Vulnerability Details:
Service: http
Sent:
GET /scripts/ HTTP/1.0
Host: www.mydomain.com
User-Agent: Mozilla/4.0
Received:
X-Powered-By: PHP/5.3.8



-- 
+---------------------------------------------+
  Richard C. Barker Sr.
