 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.100511 |
| Categoría: | Web application abuses |
| Título: | PHP < 5.2.13 Multiple Vulnerabilities |
| Resumen: | PHP is prone to multiple vulnerabilities. |
| Descripción: | Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2010-1128: The Linear Congruential Generator (LCG) does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable - CVE-2010-1129: The safe_mode implementation does not properly handle directory pathnames that lack a trailing slash character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function Affected Software/OS: PHP prior to version 5.2.13. Solution: Update to version 5.2.13 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1128 BugTraq ID: 38430 http://www.securityfocus.com/bid/38430 http://www.redhat.com/support/errata/RHSA-2010-0919.html http://secunia.com/advisories/38708 http://secunia.com/advisories/42410 http://www.vupen.com/english/advisories/2010/0479 http://www.vupen.com/english/advisories/2010/3081 Common Vulnerability Exposure (CVE) ID: CVE-2010-1129 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html BugTraq ID: 38431 http://www.securityfocus.com/bid/38431 HPdes Security Advisory: HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 HPdes Security Advisory: SSRT100018 http://securitytracker.com/id?1023661 http://secunia.com/advisories/40551 http://www.vupen.com/english/advisories/2010/1796 |
| Copyright | Copyright (C) 2010 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |