Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.120256
Category:Amazon Linux Local Security Checks
Title:Amazon Linux: Security Advisory (ALAS-2012-41)
Summary:The remote host is missing an update announced via the referenced Security Advisory.
Description:Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.

Solution:
Run yum update php to update your system.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0830
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
BugTraq ID: 51830
http://www.securityfocus.com/bid/51830
Debian Security Information: DSA-2403 (Google Search)
http://www.debian.org/security/2012/dsa-2403
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
https://gist.github.com/1725489
http://openwall.com/lists/oss-security/2012/02/02/12
http://openwall.com/lists/oss-security/2012/02/03/1
http://www.osvdb.org/78819
RedHat Security Advisories: RHSA-2012:0092
http://rhn.redhat.com/errata/RHSA-2012-0092.html
http://securitytracker.com/id?1026631
http://secunia.com/advisories/47801
http://secunia.com/advisories/47806
http://secunia.com/advisories/47813
http://secunia.com/advisories/48668
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
XForce ISS Database: php-phpregistervariableex-code-exec(72911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72911
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.