Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
by CIRT Team
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
Below versions are affected:
- PHP 5.6 prior to 5.6.31
- PHP 7.0 prior to 7.0.21
- PHP 7.1 prior to 7.1.7
Impact: Successfully exploiting the most severe of these vulnerabilities could allow for remote attackers to execute arbitrary code in the context of the affected application. Failed exploitation could result in a denial-of-service condition.
Mitigation: Upgrade to the latest version of PHP immediately, after appropriate testing.
Reference URL’s:
- http://php.net/ChangeLog-5.php#5.6.31
- http://php.net/ChangeLog-7.php#7.0.21
- http://php.net/ChangeLog-7.php#7.1.7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9227
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9229
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
