HTTP_Unix_Password

 

Code: p82

Severity: Warning

 

Description: PHP. This check recognizes an attack on the PHP cgi-bin program. By overflowing a buffer in the PHP program, a remote attacker can execute commands on the web server as the user that the httpd process is running as.

Impact: All systems using the PHP facility. Since this facility does not come with web servers by default, but is installed manually, you should check to see whether your web servers have this vulnerability.

Corrective: If the target system is vulnerable to this attack, then you should consider the system compromised and take appropriate action. Disable the PHP facility or move the PHP directory structure outside the web tree.