Does anybody know, how QID 12722 is detected by Qualys-VM?
As this QID is flagged as a "potential vulnerability" only, Qualys-VM may only look at the PHP version in use. However, this is even challenging as PHP does not specifically address the 5.4.x versions that may contain the fix,
It only mentions the fix available in 5.5.x starting with 5.5.2 (www.php.net/ChangeLog-5.php).
What about 5.4.x: is it fixed in 5.4.17 (as the NVD site suggests: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4718) or in 5.4.18 (as this version was released in sync with 5.5.2), or even not at all in the 5.4.x line...?