PHP version older than 4.3.8

Description

This alert was generated using only banner information. It may be a false positive.

Two problems have been reported in PHP versions older than 4.3.8. The first may allow an attacker to execute arbitrary code on the remote host if memory_limit is set. The second affects the strip_tags function, which fails to properly filter null (\0) characters within tag names. This vulnerability may facilitate the exploitation of XSS (cross-site scripting) vulnerabilities in the Internet Explorer and Safari web browsers.

Affected PHP versions: up to and including 4.3.7.
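Because the alert relies on banner information alone, the version comparison is where false positives and false negatives arise. The following sketch is an added example, not the scanner's own logic: it classifies a response's headers against the 4.3.8 threshold. The function names, result labels and sample banners are constructed for illustration, and treating a vendor suffix as a possible backported fix is an assumption.

```python
import re

FIXED = (4, 3, 8)  # first release outside the affected range, per the advisory

# Finds a "PHP/<version>" token in a header value, e.g. "PHP/4.3.7",
# "Apache/1.3.31 (Unix) PHP/4.3.10" or "PHP/4.3.4-1vendor2".
_BANNER = re.compile(r"PHP/(\d+)(?:\.(\d+))?(?:\.(\d+))?([-+~.\w]*)", re.I)


def parse_php_banner(value):
    """Return ([major, minor, patch] as far as present, suffix) or None."""
    m = _BANNER.search(value or "")
    if not m:
        return None
    nums = [int(g) for g in m.group(1, 2, 3) if g is not None]
    return nums, m.group(4)


def assess(headers):
    """Classify response headers (a dict) against the advisory's range.

    Returns one of:
      'no-banner'            no PHP token found; nothing can be concluded
      'not-affected'         advertised version is 4.3.8 or later
      'affected'             advertised version is older than 4.3.8
      'affected-unconfirmed' older or truncated version that needs a check
                             on the host (a vendor build may carry the fix)
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        parsed = parse_php_banner(lowered.get(name, ""))
        if parsed is None:
            continue
        nums, suffix = parsed
        # Compare as integer tuples: as strings, "4.3.10" sorts before "4.3.8".
        padded = tuple(nums + [0] * (3 - len(nums)))
        if padded >= FIXED:
            return "not-affected"
        truncated = len(nums) < 3 and tuple(nums) == FIXED[:len(nums)]
        return "affected-unconfirmed" if (suffix or truncated) else "affected"
    return "no-banner"


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    for hdrs in ({"X-Powered-By": "PHP/4.3.7"},
                 {"Server": "Apache/1.3.31 (Unix) PHP/4.3.10"},
                 {"X-Powered-By": "PHP/4.3.4-1vendor2"}):
        print(hdrs, "->", assess(hdrs))
```

Any result other than 'not-affected' should be confirmed against the PHP build actually installed on the host before it is closed or escalated.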

Remediation

Upgrade PHP to the latest version.

Tags
  • Missing Update