Description:
The remote host is missing an update to php announced via advisory FEDORA-2004-223.
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.
Update Information:
This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE-2004-0594) and in the strip_tags function (CVE-2004-0595). CVE-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the 'register_globals' setting has been enabled. CVE-2004-0595 can allow a possible cross-site scripting attack with some browsers.
The mbstring extension has been moved into the php-mbstring subpackage in this update to reduce the overall package size.
Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-223.shtml
Risk factor: High
CVSS Score: 6.8