Test ID:	1.3.6.1.4.1.25623.1.0.10867
Category:	Web application abuses
Title:	PHP < 4.1.2 POST File Uploads Vulnerabilities - Active Check
Summary:	There are several flaws in how PHP handles multipart/form-data; POST requests, any one of which can allow an attacker to gain remote access to the system.
Description:	Summary: There are several flaws in how PHP handles multipart/form-data POST requests, any one of which can allow an attacker to gain remote access to the system. Affected Software/OS: PHP versions prior to 4.1.2. Solution: Update to version 4.1.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0081 BugTraq ID: 4183 http://www.securityfocus.com/bid/4183 Bugtraq: 20020227 Advisory 012002: PHP remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=101484705523351&w=2 Bugtraq: 20020228 TSLSA-2002-0033 - mod_php (Google Search) http://marc.info/?l=bugtraq&m=101497256024338&w=2 Bugtraq: 20020304 Apache+php Proof of Concept Exploit (Google Search) http://marc.info/?l=bugtraq&m=101537076619812&w=2 http://www.cert.org/advisories/CA-2002-05.html CERT/CC vulnerability note: VU#297363 http://www.kb.cert.org/vuls/id/297363 Conectiva Linux advisory: CLA-2002:468 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468 Debian Security Information: DSA-115 (Google Search) http://www.debian.org/security/2002/dsa-115 En Garde Linux Advisory: ESA-20020301-006 http://www.linuxsecurity.com/advisories/other_advisory-1924.html HPdes Security Advisory: HPSBTL0203-028 http://online.securityfocus.com/advisories/3911 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php http://security.e-matters.de/advisories/012002.html http://marc.info/?l=ntbugtraq&m=101484975231922&w=2 http://www.redhat.com/support/errata/RHSA-2002-035.html http://www.redhat.com/support/errata/RHSA-2002-040.html SuSE Security Announcement: SuSE-SA:2002:007 (Google Search) http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html http://marc.info/?l=vuln-dev&m=101468694824998&w=2 http://www.iss.net/security_center/static/8281.php
Copyright	Copyright (C) 2002 Thomas Reinke

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.