Release DateJan 05, 2012 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a Remote Command Injection vulnerability in PHP.The vulnerability is caused by a bug when the vulnerable software handles URIs that include shell metacharacters. It allows a remote attacker to inject arbitrary shell commands via sending a crafted HTTP request. |
Affected ProductsPHP PHP 4.3.5 and PHP PHP 4.3.3 |
Recommended ActionsUpgrade to the latest version, available from the following web site:http://www.php.net/downloads.php |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2004-0542 |
Reference/shttp://www.securityfocus.com/bid/10471 (BugTraq) |
