
Test ID: 1.3.6.1.4.1.25623.1.0.802504
Category: Web application abuses
Title: PHP 'is_a()' Function Remote Arbitrary Code Execution Vulnerability (Windows)
Summary: PHP is prone to a remote arbitrary code execution vulnerability.
Description:

Vulnerability Insight:
The flaw is due to an error in the 'is_a()' function. It accepts
strings as its first argument, which can cause the '__autoload()' function to be
called unexpectedly. Applications that do not properly verify input in their
'__autoload()' function are thereby exposed to unexpected attack vectors.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute
arbitrary PHP code by including arbitrary files from remote resources.

Affected Software/OS:
PHP versions 5.3.7 and 5.3.8 on Windows.

Solution:
Update to version 5.3.9 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
BugTraq ID: 49754
Common Vulnerability Exposure (CVE) ID: CVE-2011-3379
Bugtraq: 20110923 Security issue is_a function in PHP 5.3.7+
http://www.securityfocus.com/archive/1/519770/30/0/threaded
HP Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HP Security Advisory: SSRT100877
http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
http://securityreason.com/securityalert/8525

Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.