Release DateMar 17, 2010 |
Severityhigh |
ImpactAttackers can create cross-site scripting issues or execute arbitrary code. |
DescriptionPHP is a scripting language which acts as a module for Apache or as a standalone interpreter.This vulnerability can be exploited to execute arbitrary code on the remote host if the option memory_limit is set. Another bug may allow an attacker to bypass content-restrictions in the function strip_tags() under certain conditions such as when register_globals is enabled. These vulnerabilities has been confirmed in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3. Some older versions may also be affected. |
Affected Products |
Recommended ActionsUpgrade to the latest version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2004-0594CVE-2004-0595 |
Reference/shttp://www.securityfocus.com/bid/10724 (BugTraq) |
