ID de Prueba:	1.3.6.1.4.1.25623.1.0.801585
Categoría:	Web application abuses
Título:	PHP Multiple Security Bypass Vulnerabilities
Resumen:	PHP is prone to multiple security bypass vulnerabilities.
Descripción:	Summary: PHP is prone to multiple security bypass vulnerabilities. Vulnerability Insight: The flaws are caused to: - An error in handling pathname which accepts the '?' character in a pathname. - An error in 'iconv_mime_decode_headers()' function in the 'Iconv' extension. - 'SplFileInfo::getType' function in the Standard PHP Library (SPL) extension, does not properly detect symbolic links in windows. - Integer overflow in the 'mt_rand' function. - Race condition in the 'PCNTL extension', when a user-defined signal handler exists. Vulnerability Impact: Successful exploitation could allow remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact. Affected Software/OS: PHP version prior to 5.3.4. Solution: Update to PHP 5.3.4 or later CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-7243 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 44951 http://www.securityfocus.com/bid/44951 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://www.madirish.net/?article=436 http://openwall.com/lists/oss-security/2010/11/18/4 http://openwall.com/lists/oss-security/2010/11/18/5 http://openwall.com/lists/oss-security/2010/12/09/10 http://openwall.com/lists/oss-security/2010/12/09/11 http://openwall.com/lists/oss-security/2010/12/09/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html RedHat Security Advisories: RHSA-2013:1615 http://rhn.redhat.com/errata/RHSA-2013-1615.html RedHat Security Advisories: RHSA-2014:0311 http://rhn.redhat.com/errata/RHSA-2014-0311.html http://secunia.com/advisories/55078 Common Vulnerability Exposure (CVE) ID: CVE-2010-4699 http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393 XForce ISS Database: php-iconvmimedecodeheaders-sec-bypass(64963) https://exchange.xforce.ibmcloud.com/vulnerabilities/64963 Common Vulnerability Exposure (CVE) ID: CVE-2011-0754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334 XForce ISS Database: php-splfileinfogettype-symlink(65429) https://exchange.xforce.ibmcloud.com/vulnerabilities/65429 Common Vulnerability Exposure (CVE) ID: CVE-2011-0753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271 XForce ISS Database: php-pcntl-dos(65431) https://exchange.xforce.ibmcloud.com/vulnerabilities/65431 Common Vulnerability Exposure (CVE) ID: CVE-2011-0755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12589 XForce ISS Database: php-mtrand-weak-security(65426) https://exchange.xforce.ibmcloud.com/vulnerabilities/65426
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.