#22
Posted on 2005-4-18 19:09
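From Jinhua, Zhejiang Province
The remote host is running a version of PHP older than 4.3.8
PHP is a scripting language that acts as an Apache module or as a standalone interpreter. The versions of this software installed on the remote host contain a flaw: if the option memory_limit is set, an attacker can execute arbitrary code on the remote host. The function strip_tags() has another flaw that, when data is submitted, can let an attacker bypass content-restrictions or lead to cross-site-scripting.
Solution : Upgrade to PHP 4.3.8; Risk factor : High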
___________________________________________________________________
The remote host is running a version of PHP 4.3 which is older or equal to
4.3.7.
PHP is a scripting language which acts as a module for Apache or as a standalone
interpreter. There is a bug in the remote version of this software which may
allow an attacker to execute arbitrary code on the remote host if the option
memory_limit is set. Another bug in the function strip_tags() may allow
an attacker to bypass content-restrictions when submitting data and may
lead to cross-site-scripting issues.
Solution : Upgrade to PHP 4.3.8
Risk factor : High
CVE_ID : CAN-2004-0594, CAN-2004-0595
BUGTRAQ_ID : 10724, 10725
NESSUS_ID : 13650
Other references : OSVDB:7870, OSVDB:7871