PHP version older than 5.2.1

  • This alert was generated using only banner information. It may be a false positive.

    This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible.

    Security Enhancements and Fixes in PHP 5.2.1:

      • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
      • Prevent search engines from indexing the phpinfo() page.
      • Fixed a number of input processing bugs inside the filter extension.
      • Fixed unserialize() abuse on 64 bit systems with certain input strings.
      • Fixed possible overflows and stack corruptions in the session extension.
      • Fixed an underflow inside the internal sapi_header_op() function.
      • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
      • Fixed possible stack overflows inside zip, imap & sqlite extensions.
      • Fixed several possible buffer overflows inside the stream filters.
      • Fixed non-validated resource destruction inside the shmop extension.
      • Fixed a possible overflow in the str_replace() function.
      • Fixed possible clobbering of super-globals in several code paths.
      • Fixed a possible information disclosure inside the wddx extension.
      • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
      • Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
      • Fixed a string format vulnerability inside the odbc_result_all() function.
      • Memory limit is now enabled by default.
      • Added internal heap protection.
      • Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

    Affected PHP versions (up to 5.2.0).
  • Upgrade PHP to the latest version.