PHP XML Handling Heap Buffer Overflow Vulnerability July13 (Windows) Network Vulnerability

Summary

This host is running PHP and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to PHP version 5.3.27 or later, For updates refer to http://php.net/

Insight

The flaw is triggered as user-supplied input is not properly validated when handling malformed XML input.

Affected

PHP version prior to 5.3.27

Detection

Get the installed version of PHP with the help of detect NVT and check it is vulnerable or not.

References

http://php.net/ChangeLog-5.php
http://seclists.org/bugtraq/2013/Jul/106
http://seclists.org/oss-sec/2013/q3/88
http://www.osvdb.org/95152
https://bugs.php.net/bug.php?id=65236

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4113
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Avant Browser Address Bar Spoofing Vulnerability
CA Gateway Security Remote Code Execution Vulnerability
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)

Take action and discover your vulnerabilities