Operating System - HP-UX

Apache PHP Security Vulnerability Issues

 
Stephen L. Brice
New Member

I have installed the latest version of Secure Web Server (v6_8_0) on one of the servers I administer. Our corporate security scans indicate that there is a security problem with the version of PHP (v4.4.8) in that kit (details below). Is there a patch that I can apply to upgrade to a version of PHP that does not have these vulnerabilities?

Synopsis :

The remote web server uses a version of PHP that is affected by
multiple issues.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 4.4.9. Such versions address several security
issues, including :

- An update of PCRE to version 7.7.
- An overflow in memnstr().
- A crash in imageloadfont when an invalid font is given.
- An open_basedir handling issue in the curl extension.
- 'mbstring.func_overload' set in '.htaccess' becomes global.

Note that the release announcement states this will be the last
release for the PHP 4.4 series.

See also :

http://www.php.net/releases/4_4_9.php
http://www.php.net/ChangeLog-4.php#4.4.9

Solution :

Upgrade to PHP version 4.4.9 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin output :

PHP version 4.4.8 appears to be running on the remote host based on
the following Server response header :

Server: Apache/2.2.6 (Unix) PHP/4.4.8 DAV/2

CVE : CVE-2007-4850
BID : 27413, 30649
Other references : OSVDB:43219, Secunia:31409