PHP version older than 5.2.1

Description
  • This alert was generated using only banner information. It may be a false positive.

    PHP 5.2.1 is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible.

    Security Enhancements and Fixes in PHP 5.2.1:

    • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
    • Prevent search engines from indexing the phpinfo() page.
    • Fixed a number of input processing bugs inside the filter extension.
    • Fixed unserialize() abuse on 64 bit systems with certain input strings.
    • Fixed possible overflows and stack corruptions in the session extension.
    • Fixed an underflow inside the internal sapi_header_op() function.
    • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
    • Fixed possible stack overflows inside zip, imap & sqlite extensions.
    • Fixed several possible buffer overflows inside the stream filters.
    • Fixed non-validated resource destruction inside the shmop extension.
    • Fixed a possible overflow in the str_replace() function.
    • Fixed possible clobbering of super-globals in several code paths.
    • Fixed a possible information disclosure inside the wddx extension.
    • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
    • Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
    • Fixed a string format vulnerability inside the odbc_result_all() function.
    • Memory limit is now enabled by default.
    • Added internal heap protection.
    • Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.


    Affected PHP versions: all releases up to and including 5.2.0.
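
Because this alert relies on the banner alone, the following added example (not part of the original advisory or of any scanner's code) shows one way to triage a reported `Server` / `X-Powered-By` value against the 5.2.1 threshold. The verdict names, the sample headers and the rule that a vendor suffix means "fixes may be backported, check the package" are assumptions made for illustration.

```python
import re

FIXED = (5, 2, 1)  # first release carrying the fixes listed in this advisory

# "PHP/x.y.z" plus any trailing tag, as seen in Server / X-Powered-By values.
_BANNER = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)")
_PRERELEASE = re.compile(r"-?(rc|alpha|beta|dev)\d*$", re.I)


def classify_banner(value):
    """Return (verdict, version) for a single header value."""
    m = _BANNER.search(value or "")
    if not m:
        return ("no-version", None)  # a hidden banner proves nothing either way
    version = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    prerelease = bool(_PRERELEASE.match(suffix))
    if version > FIXED or (version == FIXED and not prerelease):
        return ("not-affected", version)
    if version == FIXED or (suffix and not prerelease):
        # Pre-release of 5.2.1, or a vendor build (for example a distro
        # package) that may carry backported fixes: the banner cannot decide.
        return ("needs-manual-check", version)
    return ("likely-affected", version)


def assess(headers):
    """Classify every banner-bearing header in a response-header mapping."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return {name: classify_banner(lowered[name])
            for name in ("server", "x-powered-by") if name in lowered}


# Constructed sample response headers, not taken from the advisory.
SAMPLES = [
    {"X-Powered-By": "PHP/5.2.0"},
    {"Server": "Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16 mod_ssl/2.2.3"},
    {"Server": "Apache", "X-Powered-By": "PHP/5.2.1"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

A "needs-manual-check" or "likely-affected" result should be confirmed on the host itself (installed package version and changelog) before the finding is accepted or closed as a false positive.
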
Remediation
  • Upgrade PHP to the latest version.