- Home
- CVEs with nessus.description==According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.
Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top