ID de Prueba:	1.3.6.1.4.1.25623.1.0.56824
Categoría:	CGI abuses
Título:	PHP < 4.4.1/5.0.6 Multiple Vulnerabilities
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running a version of PHP older than 4.4.1, or older than 5.0.6. These versions allow attackers to overwrite the '$GLOBALS' superglobals variable. This can, depending on the application involved, lead to a variety of problems, including allowing attackers to execute arbitrary code. Further problems allow attackers to enable the 'register_globals' setting, and the ability to launch cross site scripting attacks via the phpfino() function. Versions up to 5.0.5 or 4.4.0 are vulnerable. Solution : Upgrade to PHP 5.0.6/4.4.1 or later. Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 14620 BugTraq ID: 15248 BugTraq ID: 15249 BugTraq ID: 15250 Common Vulnerability Exposure (CVE) ID: CVE-2005-2491 1014744 http://securitytracker.com/id?1014744 102198 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 14620 http://www.securityfocus.com/bid/14620 15647 http://www.securityfocus.com/bid/15647 16502 http://secunia.com/advisories/16502 16679 http://secunia.com/advisories/16679 17252 http://secunia.com/advisories/17252 17813 http://secunia.com/advisories/17813 19072 http://secunia.com/advisories/19072 19193 http://secunia.com/advisories/19193 19532 http://secunia.com/advisories/19532 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U 21522 http://secunia.com/advisories/21522 22691 http://secunia.com/advisories/22691 22875 http://secunia.com/advisories/22875 604 http://securityreason.com/securityalert/604 ADV-2005-1511 http://www.vupen.com/english/advisories/2005/1511 ADV-2005-2659 http://www.vupen.com/english/advisories/2005/2659 ADV-2006-0789 http://www.vupen.com/english/advisories/2006/0789 ADV-2006-4320 http://www.vupen.com/english/advisories/2006/4320 ADV-2006-4502 http://www.vupen.com/english/advisories/2006/4502 APPLE-SA-2005-11-29 http://docs.info.apple.com/article.html?artnum=302847 DSA-800 http://www.debian.org/security/2005/dsa-800 DSA-817 http://www.debian.org/security/2005/dsa-817 DSA-819 http://www.debian.org/security/2005/dsa-819 DSA-821 http://www.debian.org/security/2005/dsa-821 FLSA:168516 http://www.securityfocus.com/archive/1/427046/100/0/threaded GLSA-200508-17 http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml GLSA-200509-02 http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml GLSA-200509-08 http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml GLSA-200509-12 http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml GLSA-200509-19 http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml HPSBMA02159 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPSBUX02074 http://www.securityfocus.com/archive/1/428138/100/0/threaded OpenPKG-SA-2005.018 http://marc.info/?l=bugtraq&m=112606064317223&w=2 RHSA-2005:358 http://www.redhat.com/support/errata/RHSA-2005-358.html RHSA-2005:761 http://www.redhat.com/support/errata/RHSA-2005-761.html RHSA-2006:0197 http://www.redhat.com/support/errata/RHSA-2006-0197.html SCOSA-2006.10 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt SSRT051251 SSRT061238 SSRT090208 SUSE-SA:2005:048 http://www.novell.com/linux/security/advisories/2005_48_pcre.html SUSE-SA:2005:049 http://www.novell.com/linux/security/advisories/2005_49_php.html SUSE-SA:2005:051 http://marc.info/?l=bugtraq&m=112605112027335&w=2 SUSE-SA:2005:052 http://www.novell.com/linux/security/advisories/2005_52_apache2.html TSLSA-2005-0059 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm http://www.ethereal.com/appnotes/enpa-sa-00021.html http://www.php.net/release_4_4_1.php oval:org.mitre.oval:def:11516 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 oval:org.mitre.oval:def:1496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 oval:org.mitre.oval:def:1659 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 oval:org.mitre.oval:def:735 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735 Common Vulnerability Exposure (CVE) ID: CVE-2005-3388 http://www.securityfocus.com/bid/15248 Bugtraq: 20051031 Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() (Google Search) http://www.securityfocus.com/archive/1/415292 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/ http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml HPdes Security Advisory: HPSBMA02159 HPdes Security Advisory: SSRT061238 http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 http://www.hardened-php.net/advisory_182005.77.html http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542 http://www.redhat.com/support/errata/RHSA-2005-831.html http://www.redhat.com/support/errata/RHSA-2005-838.html RedHat Security Advisories: RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://securitytracker.com/id?1015130 http://secunia.com/advisories/17371 http://secunia.com/advisories/17490 http://secunia.com/advisories/17510 http://secunia.com/advisories/17531 http://secunia.com/advisories/17557 http://secunia.com/advisories/17559 http://secunia.com/advisories/18198 http://secunia.com/advisories/18669 http://secunia.com/advisories/21252 http://securityreason.com/securityalert/133 SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) SuSE Security Announcement: SUSE-SR:2005:027 (Google Search) http://www.novell.com/linux/security/advisories/2005_27_sr.html TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt https://www.ubuntu.com/usn/usn-232-1/ http://www.vupen.com/english/advisories/2005/2254 Common Vulnerability Exposure (CVE) ID: CVE-2005-3389 http://www.securityfocus.com/bid/15249 Bugtraq: 20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() (Google Search) http://www.securityfocus.com/archive/1/415291 http://www.hardened-php.net/advisory_192005.78.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11481 http://securitytracker.com/id?1015131 http://secunia.com/advisories/18054 http://securityreason.com/securityalert/134 SuSE Security Announcement: SUSE-SA:2005:069 (Google Search) http://www.securityfocus.com/archive/1/419504/100/0/threaded Common Vulnerability Exposure (CVE) ID: CVE-2005-3390 http://www.securityfocus.com/bid/15250 Bugtraq: 20051031 Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability (Google Search) http://www.securityfocus.com/archive/1/415290/30/0/threaded http://www.hardened-php.net/advisory_202005.79.html http://www.hardened-php.net/globals-problem https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537 http://securitytracker.com/id?1015129 http://securityreason.com/securityalert/132
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.