large
Posted February 18, 2007

Apache 1.3.37 + PHP 4.4.5 is installed. SSS reports the following vulnerabilities... could the cause be in the php.ini settings?

PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

PHP Multiple Unspecified Vulnerabilities
PHP is vulnerable to multiple unspecified vulnerabilities. These issues range from buffer-overflow to cross-site scripting vulnerabilities. The precise nature of these vulnerabilities is currently not known; this BID will be updated as further information becomes available. Some of the issues discussed may be related to other BIDs regarding PHP vulnerabilities.

PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information, or to write files in unauthorized locations. These vulnerabilities would be an issue in shared-hosting configurations where multiple users have the ability to create and execute arbitrary PHP script code, when the 'safe_mode' and 'open_basedir' restrictions are expected to isolate the users from each other. These issues are reported to affect PHP versions 4.4.2 and 5.1.2; other versions may also be vulnerable.

PHP Html_Entity_Decode() Information Disclosure Vulnerability
PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker. Information that the attacker gathers by exploiting this vulnerability may aid in other attacks. PHP versions prior to 5.1.3-RC1 are vulnerable to this issue.
Firebird
Posted February 18, 2007

I'm afraid there is no way. These vulnerabilities are carried over from version to version and have not been fixed yet. Besides, 4.4.5 is the very latest version in the PHP 4 line.