Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.802591
Kategorie:Web application abuses
Titel:PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)
Zusammenfassung:PHP is prone to a security bypass vulnerability.
Beschreibung:Summary:
PHP is prone to a security bypass vulnerability.

Vulnerability Insight:
The flaw is due to an error in importing environment variables,
it not properly performing a temporary change to the 'magic_quotes_gpc'
directive during the importing of environment variables.

Vulnerability Impact:
Successful exploitation could allow remote attackers to gain sensitive
information via a crafted request.

Affected Software/OS:
PHP Version 5.3.9 and prior on Windows.

Solution:
Update to PHP Version 5.3.10 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 51954
Common Vulnerability Exposure (CVE) ID: CVE-2012-0831
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://www.securityfocus.com/bid/51954
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://secunia.com/advisories/48668
http://secunia.com/advisories/55078
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://www.ubuntu.com/usn/USN-1358-1
XForce ISS Database: php-magicquotesgpc-sec-bypass(73125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73125
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.