PHP.Error.Logging.Format.String
Description
This indicates a possible format string vulnerability in a PHP-based application.
A format string vulnerability is reported in the PHP code that handles error logging. An attacker can craft a string containing malicious format specifiers that is passed to the logging functions syslog() and vsnprintf() as part of an error log message. As a result, the attacker can write arbitrary data to the system and gain access to the system with the privileges of the web server.
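The pattern described above, shown next to its hardened form. This is an added example, not PHP's source code: log_format(), log_error_unsafe(), log_error_safe() and input_was_interpreted() are hypothetical names, and the sample input is constructed. It uses the harmless "%%" directive to show that the unsafe path parses request text as a format while the safe path logs it verbatim.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a syslog()-style sink: expands fmt via vsnprintf(). */
static int log_format(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: request-derived text is used AS the format string. */
int log_error_unsafe(char *out, size_t n, const char *untrusted)
{
    return log_format(out, n, untrusted);
}

/* Hardened pattern: constant format, untrusted text is only an argument. */
int log_error_safe(char *out, size_t n, const char *untrusted)
{
    return log_format(out, n, "%s", untrusted);
}

/* Returns 1 if the logger rewrote the input, 0 if it was logged verbatim. */
int input_was_interpreted(int (*logger)(char *, size_t, const char *),
                          const char *input)
{
    char buf[128];
    logger(buf, sizeof buf, input);
    return strcmp(buf, input) != 0;
}

int main(void)
{
    /* Constructed input: "%%" is a harmless directive that prints one '%'. */
    const char *sample = "upload 100%% complete";
    printf("unsafe interpreted input: %d\n",
           input_was_interpreted(log_error_unsafe, sample));
    printf("safe interpreted input:   %d\n",
           input_was_interpreted(log_error_safe, sample));
    return 0;
}
```

The same rule applies to direct calls: use syslog(priority, "%s", message) rather than syslog(priority, message).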
Affected Products
PHP 3.0 and 4.0.
Impact
Gain access to the system.
Recommended Actions
Apply the appropriate patch or upgrade to PHP 4.0.3 or higher.
Coverage
IPS (Regular DB)
IPS (Extended DB)