04 May 2012
14 May 2012
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Two vulnerabilities have been reported in PHP, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.
1) An error when parsing certain QUERY_STRING parameters can be exploited to e.g. disclose the PHP source code or execute arbitrary code.
This vulnerability is reported in versions 5.3.12 and prior and versions 5.4.2 and prior.
2) An error in the "apache_request_headers()" function can be exploited to cause a buffer overflow.
NOTE: This vulnerability affects version 5.4 only.
Update to versions 5.4.3 and 5.3.13.
1) De Eindbazen