nessus | Tenable | 801091.PRM
History: Dec 18, 2009 - 12:00 a.m.

PHP 5.2.x < 5.2.12 Multiple Vulnerabilities

2009-12-18 00:00:00
Tenable
www.tenable.com

According to its banner, the version of PHP 5.2.x installed on the remote host is earlier than 5.2.12. Such versions are potentially affected by multiple vulnerabilities:

  • A safe_mode bypass in tempnam(). (CVE-2009-3557)

  • An open_basedir bypass in posix_mkfifo(). (CVE-2009-3558)

  • A possible denial-of-service via temporary file exhaustion caused by a failure to limit the number of file uploads per request. (CVE-2009-4017)

  • An arbitrary code execution vulnerability in the ‘session.save_path()’ function and the ‘$_SESSION’ data structure. (CVE-2009-4143)

  • A cross-site scripting vulnerability because the ‘htmlspecialchars()’ function fails to properly handle some malformed multibyte character sequences.
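The banner check described above can be reproduced against response headers you have already collected. This is an added example, not Tenable's plugin code; the choice of the `Server` and `X-Powered-By` headers, the status labels and the sample banners are assumptions made for illustration. Because the result rests on the banner alone, a distribution package that backports fixes without changing the upstream version is reported separately for manual verification.

```python
import re

FIXED = (5, 2, 12)  # first 5.2.x release outside the affected range (advisory title)

# Matches "PHP/5.2.11", "PHP/5.2.6-1+lenny4" or "PHP/5.2.12RC1" inside a banner.
_PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)([0-9A-Za-z.+~-]*)")
# Upstream pre-release markers; anything else after the patch number is
# treated as distribution packaging.
_PRE = re.compile(r"-?(?:rc|alpha|beta|dev)", re.I)

def assess(headers):
    """Return [(header, version, status)] for each PHP token in the headers."""
    results = []
    for name, value in headers.items():
        if name.lower() not in ("server", "x-powered-by"):
            continue
        for m in _PHP_TOKEN.finditer(value):
            # Compare as integer tuples: as strings, "5.2.6" sorts after "5.2.12".
            ver = tuple(int(x) for x in m.group(1, 2, 3))
            suffix = m.group(4).rstrip(".")
            pre = bool(_PRE.match(suffix))
            if ver[:2] != (5, 2):
                status = "not-5.2.x"
            elif ver < FIXED or (ver == FIXED and pre):
                # A packaging suffix may hide backported fixes the banner
                # cannot show, so flag it for a check of the package itself.
                packaged = bool(suffix) and not pre
                status = "in-range-check-backports" if packaged else "in-range"
            else:
                status = "not-in-range"
            results.append((name, "%d.%d.%d%s" % (ver + (suffix,)), status))
    return results

if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        {"Server": "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny4 with Suhosin-Patch"},
        {"X-Powered-By": "PHP/5.2.11"},
        {"X-Powered-By": "PHP/5.2.12RC1"},
        {"X-Powered-By": "PHP/5.2.12"},
        {"Server": "nginx", "X-Powered-By": "PHP/5.3.1"},
    ]
    for headers in samples:
        for header, version, status in assess(headers):
            print(f"{header}: PHP {version} -> {status}")
```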
