According to its banner, the version of PHP 5.3.x installed on the remote host is earlier than 5.3.1. Such versions are potentially affected by multiple issues :
Sanity checks are missing in exif processing.
It is possible to bypass the ‘safe_mode’ configuration setting using ‘tempnam()’.
It is possible to bypass the ‘open_basedir’ configuration setting using ‘posix_mkfifo()’.
The ‘safe_mode_include_dir’ configuration setting may be ignored.
Calling ‘popen()’ with an invalid mode can cause a crash.
A safe_mode restriction-bypass vulnerability because environment variables specified for ‘proc_open’ are passed without checking them.
Binary data 5242.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1128
www.php.net/ChangeLog-5.php#5.3.1
www.php.net/releases/5_3_1.php
www.securityfocus.com/archive/1/507982/30/0/threaded