Tenable801070.PRMPHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities
According to its banner the version of PHP installed on the remote host is earlier than 5.3.3 / 5.2.14. Such version are potentially affected by multiple vulnerabilities :
-
An information disclosure vulnerability in var_export() when a fatal error occurs.
-
A resource destruction issue in shm_put_var().
-
A possible information leak because of an interruption of XOR operator.
-
A memory corruption issue caused by an unexpected call-time pass by reference and the following memory clobbering through callbacks.
-
A memory corruption issue in ArrayObject::uasort().
-
A memory corruption issue in parse_str().
-
A memory corruption issue in pack().
-
A memory corruption issue in substr_replace().
-
A memory corruption issue in addcslashes().
-
A stack exhaustion issue in fnmatch().
-
A buffer overflow vulnerability in the dechunking filter.
-
An arbitrary memory access issue in the sqlite extension.
-
A string format validation issue in the phar extension.
-
An unspecified issue relating to the handling of session variable serialization on certain prefix characters.
-
A NULL pointer dereference issue when processing invalid XML-RPC requests.
-
An unserialization issue in SplObjectStorage.
-
Buffer overflow vulnerabilities in mysqlnd_list_fields and mysqlnd_change_user.
-
Buffer overflows when handling error packets in mysqlnd.
Binary data 801070.prmReferences
.php.net/ChangeLog-5.php#5.2.14
.php.net/ChangeLog-5.php#5.3.3
.php.net/releases/5_2_14.php
.php.net/releases/5_3_3.php
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2531