Unpatched Vulnerability Affecting PHP 7 Servers
confusing classification of 'not vulnerable' and vulnerable on those linked CVEs suggestion PHP 7.0.14 has fixed all 3 CVEs ? Code (Text): PHP CVE-2016-7480 Remote Code Execution Vulnerability Bugtraq ID: 95152 Class: Design Error CVE: CVE-2016-7480 Remote: Yes Local: No Published: Dec 27 2016 12:00AM Updated: Dec 30 2016 12:08AM Credit: CHECK POINT SECURITY RESEARCH Vulnerable: PHP PHP 7.0.5 PHP PHP 7.0.3 PHP PHP 7.0 PHP PHP 7.0.9 PHP PHP 7.0.8 PHP PHP 7.0.7 PHP PHP 7.0.6 PHP PHP 7.0.4 PHP PHP 7.0.2 PHP PHP 7.0.11 PHP PHP 7.0.10 PHP PHP 7.0.1 PHP PHP 7.0 Not Vulnerable: PHP PHP 7.0.14 PHP PHP 7.0.12 PHP PHP 7.0.13 Code (Text): PHP CVE-2016-7479 Denial of Service Vulnerability Bugtraq ID: 95151 Class: Failure to Handle Exceptional Conditions CVE: CVE-2016-7479 Remote: Yes Local: No Published: Dec 29 2016 12:00AM Updated: Dec 30 2016 12:08AM Credit: Checkpoint. Vulnerable: PHP PHP 7.0.12 PHP PHP 7.0.5 PHP PHP 7.0.3 PHP PHP 7.0 PHP PHP 7.0.9 PHP PHP 7.0.8 PHP PHP 7.0.7 PHP PHP 7.0.6 PHP PHP 7.0.4 PHP PHP 7.0.2 PHP PHP 7.0.13 PHP PHP 7.0.11 PHP PHP 7.0.10 PHP PHP 7.0.1 PHP PHP 7.0 Not Vulnerable: Code (Text): PHP CVE-2016-7478 Remote Denial Of Service Vulnerability Bugtraq ID: 95150 Class: Failure to Handle Exceptional Conditions CVE: CVE-2016-7478 Remote: Yes Local: No Published: Dec 28 2016 12:00AM Updated: Dec 30 2016 12:08AM Credit: yannayl at checkpoint.com. Vulnerable: PHP PHP 7.0.12 PHP PHP 7.0.5 PHP PHP 7.0.3 PHP PHP 7.0.9 PHP PHP 7.0.8 PHP PHP 7.0.7 PHP PHP 7.0.6 PHP PHP 7.0.4 PHP PHP 7.0.2 PHP PHP 7.0.13 PHP PHP 7.0.11 PHP PHP 7.0.10 PHP PHP 7.0.1 PHP PHP 7.0 PHP PHP 5.6.26 Not Vulnerable: PHP 7.0.14 change log