CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 93.2%
According to its banner, the version of PHP 5.2.x installed on the remote host is earlier than 5.2.12. Such versions are potentially affected by multiple vulnerabilities:
A safe_mode bypass in tempnam(). (CVE-2009-3557)
An open_basedir bypass in posix_mkfifo(). (CVE-2009-3558)
A possible denial-of-service via temporary file exhaustion caused by a failure to limit the number of file uploads per request. (CVE-2009-4017)
An arbitrary code execution vulnerability in the ‘session.save_path()’ function and the ‘$_SESSION’ data structure. (CVE-2009-4143)
A cross-site scripting vulnerability because the ‘htmlspecialchars()’ function fails to properly handle some malformed multibyte character sequences.
.nessus.org/u?57f2d08f
.php.net/ChangeLog-5.php#5.2.12
.php.net/releases/5_2_12.php
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143