You can now find Cyber Kendra on Google News | Telegram

Posts

PHP 7 Suffers from 3 Critical Zero-days

Critical Zero-day Vulnerabilities found in PHP 7.

Security researcher have found a three critical zero-day vulnerability on latest PHP 7, which allows and attacker to take full control over the website using of PHP 7.

Security Researcher of Check point's exploit research team have found these critical zero-days, that reside in the unserialized mechanism in PHP 7.

The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies.

These zero-day Vulnerabilities dubbed as CVE-2016-7479 (Use after free code Execution) , CVE-2016-7480 (Use of Uninitialized value code execution), and CVE-2016-7478 (Remote Denial of Service). Among these, first two Vulnerabilities gives full control to attacker over the targeted server after successful exploitation, where as third one if exploited cause Denial of Service (DoS) attack.

All these three zero-days Vulnerabilities had been reported to PHP security team by researcher, but only two of them have been patched and one zero-day is still alive (yet to patch).

Patch of two Vulnerabilities have been released, so it is strongly recommended to all server admin to upgrade your PHP version to latest one.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.