SUSE Linux Security Vulnerability: CVE-2005-2498
Description
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Solution(s)
- suse-upgrade-apache-mod_php4
- suse-upgrade-apache2-mod_php4
- suse-upgrade-mod_php4-core
- suse-upgrade-mod_php4-servlet
- suse-upgrade-php4-devel
- suse-upgrade-php4-exif
- suse-upgrade-php4-fastcgi
- suse-upgrade-php4-imap
- suse-upgrade-php4-mysql
- suse-upgrade-php4-pear
- suse-upgrade-php4-session
- suse-upgrade-php4-sysvshm
- suse-upgrade-php5-suhosin
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center