Web application abuses : PHP Multiple Security Bypass Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.801585
Category:	Web application abuses
Title:	PHP Multiple Security Bypass Vulnerabilities
Summary:	PHP is prone to multiple security bypass vulnerabilities.
Description:	Summary: PHP is prone to multiple security bypass vulnerabilities. Vulnerability Insight: The flaws are caused to: - An error in handling pathname which accepts the '?' character in a pathname. - An error in 'iconv_mime_decode_headers()' function in the 'Iconv' extension. - 'SplFileInfo::getType' function in the Standard PHP Library (SPL) extension, does not properly detect symbolic links in windows. - Integer overflow in the 'mt_rand' function. - Race condition in the 'PCNTL extension', when a user-defined signal handler exists. Vulnerability Impact: Successful exploitation could allow remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact. Affected Software/OS: PHP version prior to 5.3.4. Solution: Update to PHP 5.3.4 or later CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-7243 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 44951 http://www.securityfocus.com/bid/44951 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://www.madirish.net/?article=436 http://openwall.com/lists/oss-security/2010/11/18/4 http://openwall.com/lists/oss-security/2010/11/18/5 http://openwall.com/lists/oss-security/2010/12/09/10 http://openwall.com/lists/oss-security/2010/12/09/11 http://openwall.com/lists/oss-security/2010/12/09/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html RedHat Security Advisories: RHSA-2013:1615 http://rhn.redhat.com/errata/RHSA-2013-1615.html RedHat Security Advisories: RHSA-2014:0311 http://rhn.redhat.com/errata/RHSA-2014-0311.html http://secunia.com/advisories/55078 Common Vulnerability Exposure (CVE) ID: CVE-2010-4699 http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393 XForce ISS Database: php-iconvmimedecodeheaders-sec-bypass(64963) https://exchange.xforce.ibmcloud.com/vulnerabilities/64963 Common Vulnerability Exposure (CVE) ID: CVE-2011-0754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334 XForce ISS Database: php-splfileinfogettype-symlink(65429) https://exchange.xforce.ibmcloud.com/vulnerabilities/65429 Common Vulnerability Exposure (CVE) ID: CVE-2011-0753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271 XForce ISS Database: php-pcntl-dos(65431) https://exchange.xforce.ibmcloud.com/vulnerabilities/65431 Common Vulnerability Exposure (CVE) ID: CVE-2011-0755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12589 XForce ISS Database: php-mtrand-weak-security(65426) https://exchange.xforce.ibmcloud.com/vulnerabilities/65426
Copyright	Copyright (C) 2011 Greenbone Networks GmbH