PHP version changer
#13
[Not Solved] RE: PHP version changer
(02-08-2016, 09:34 PM)apinto Wrote:
(02-08-2016, 06:02 AM)Me.B Wrote: Not sure this is secure. And each php must be patched using suhosin.

M B

It might not be secure (I think it is not safe for a production server), but it is a step up and some people might really need it.

Keep testing, and check on security :P

I run server security runs for SQL injection and other problems, and I place focus on them. Right now I have 90 out of 100, which is a B in security; this was due to the OpenSSL version, and I have updated OpenSSL.
Quote:
Hostname: xxxxxxxxxx.tk
Scan date: 2016-01-27
Scan Status: Done
Vulnerability Score: 90.00 (B)

Vulnerability Summary

High: 0

Medium: 1
* OpenSSL Running Version Prior to 1.0.2e

Low: 10
* SMTP Service Cleartext Login Permitted
* OpenSSL Version Detection
* SMTP Authentication Methods
* HTTP Packet Inspection
* Supported SSL Ciphers Suites
* Identify Unknown Services via GET Requests
* Identify Unknown Services via GET Requests
* SSL Verification Test
* HTTP TRACE Method XSS Vulnerability
* Directory Scanner

Total: 11
[Charts: Vulnerability by Risk Level; Vulnerability by Service; Vulnerability Count (displays High and Medium risk vulnerabilities)]

Security Testing

Type                        Tests    Failed   Passed
Infrastructure Tests        12907    11       12896
Blind SQL Injection         224      0        224
SQL Injection               272      0        272
Cross Site Scripting        464      0        464
Source Disclosure           272      0        272
PHP Code Injection          128      0        128
Windows Command Execution   192      0        192
UNIX Command Execution      208      0        208
UNIX File Disclosure        128      0        128
Windows File Disclosure     432      0        432
Directory Disclosure        272      0        272
Remote File Inclusion       16       0        16
HTTP Header Injection       144      0        144



Medium risk vulnerabilities results for: xxxxxxx.tk

1. OpenSSL Running Version Prior to 1.0.2e (Medium)
Port: https (443/tcp)
Summary: Multiple vulnerabilities have been found in OpenSSL:
* The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

* The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a Diffie-Hellman (DH) or Diffie-Hellman Ephemeral (DHE) ciphersuite.

* crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

* The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Banner: Server: Apache/2.4.17 (Win32) mod_antiloris/0.6.0 OpenSSL/1.0.2d PHP/5.6.15
Installed version: 1.0.2d
Fixed version: 1.0.2e
Recommended Solution: Upgrade to OpenSSL version 1.0.2e or newer.
More information: https://www.openssl.org/news/secadv/20151203.txt, and https://mta.openssl.org/pipermail/openss...01540.html
CVE: CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195
Test ID: 18638
So yes, I do run audit checks.