
  #12  
07.05.2007, 21:01
mr.The

Well, let's begin) I scanned with Acunetix Web Vulnerability Scanner. The result.


total lol))
Quote:
http://displayart.info/manual/

it says critical...
Quote:
PHP HTML Entity Encoder Heap Overflow Vulnerability
Vulnerability description
This alert has been generated using only banner information. It may be a false positive.

Stefan Esser reported some vulnerabilities in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected. For a detailed explanation of the vulnerability read the referenced article.
Vendor has released PHP 5.2.0 which fixes this issue.

Affected PHP versions (up to 4.4.4/5.1.6).

This vulnerability affects PHP.
The impact of this vulnerability
Denial of service, remote code execution.

Attack details
Current version is PHP/4.4.4


How to fix this vulnerability
Upgrade PHP to the latest version.
one more. non-critical
Quote:
HTTP TRACE method is enabled
Vulnerability description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
This vulnerability affects Web Server.
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

Last edited by mr.The; 07.05.2007 at 21:10.