/ Register

Join the community today
Register Now

PHP Unpatched Vulnerability Affecting PHP 7 Servers

Discussion in 'Nginx and PHP-FPM news & discussions' started by Jimmy, Dec 30, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Dec 30, 2016 #1
    Jimmy

    Jimmy Premium Member Premium Member

    1,306
    271
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +669
    Local Time:
    11:24 PM
    1.13.x
    MariaDB 10.1.x
    • Informative Informative x 1
  2. Dec 30, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    35,073
    7,742
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,941
    Local Time:
    1:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    thanks for heads up !

     
  3. Dec 30, 2016 #3
    eva2000

    eva2000 Administrator Staff Member

    35,073
    7,742
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,941
    Local Time:
    1:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Also at 3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

     
  4. Dec 30, 2016 #4
    Jimmy

    Jimmy Premium Member Premium Member

    1,306
    271
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +669
    Local Time:
    11:24 PM
    1.13.x
    MariaDB 10.1.x
    Hopefully they fixed the first two... those seem to be the worst.
     
  5. Dec 30, 2016 #5
    eva2000

    eva2000 Administrator Staff Member

    35,073
    7,742
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,941
    Local Time:
    1:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Original source http://blog.checkpoint.com/2016/12/...lnerabilities-web-programming-language-php-7/

     
  6. Dec 30, 2016 #6
    eva2000

    eva2000 Administrator Staff Member

    35,073
    7,742
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,941
    Local Time:
    1:24 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    confusing classification of 'not vulnerable' and vulnerable on those linked CVEs suggestion PHP 7.0.14 has fixed all 3 CVEs ?
    Code (Text):
    PHP CVE-2016-7480 Remote Code Execution Vulnerability

Bugtraq ID:    95152
Class:    Design Error
CVE:    CVE-2016-7480
Remote:    Yes
Local:    No
Published:    Dec 27 2016 12:00AM
Updated:    Dec 30 2016 12:08AM
Credit:    CHECK POINT SECURITY RESEARCH
Vulnerable:    PHP PHP 7.0.5
PHP PHP 7.0.3
PHP PHP 7.0
PHP PHP 7.0.9
PHP PHP 7.0.8
PHP PHP 7.0.7
PHP PHP 7.0.6
PHP PHP 7.0.4
PHP PHP 7.0.2
PHP PHP 7.0.11
PHP PHP 7.0.10
PHP PHP 7.0.1
PHP PHP 7.0
Not Vulnerable:    PHP PHP 7.0.14
PHP PHP 7.0.12
PHP PHP 7.0.13

    Code (Text):
    PHP CVE-2016-7479 Denial of Service Vulnerability

Bugtraq ID:    95151
Class:    Failure to Handle Exceptional Conditions
CVE:    CVE-2016-7479
Remote:    Yes
Local:    No
Published:    Dec 29 2016 12:00AM
Updated:    Dec 30 2016 12:08AM
Credit:    Checkpoint.
Vulnerable:    PHP PHP 7.0.12
PHP PHP 7.0.5
PHP PHP 7.0.3
PHP PHP 7.0
PHP PHP 7.0.9
PHP PHP 7.0.8
PHP PHP 7.0.7
PHP PHP 7.0.6
PHP PHP 7.0.4
PHP PHP 7.0.2
PHP PHP 7.0.13
PHP PHP 7.0.11
PHP PHP 7.0.10
PHP PHP 7.0.1
PHP PHP 7.0
Not Vulnerable:

    Code (Text):
    PHP CVE-2016-7478 Remote Denial Of Service Vulnerability

Bugtraq ID:    95150
Class:    Failure to Handle Exceptional Conditions
CVE:    CVE-2016-7478
Remote:    Yes
Local:    No
Published:    Dec 28 2016 12:00AM
Updated:    Dec 30 2016 12:08AM
Credit:    yannayl at checkpoint.com.
Vulnerable:    PHP PHP 7.0.12
PHP PHP 7.0.5
PHP PHP 7.0.3
PHP PHP 7.0.9
PHP PHP 7.0.8
PHP PHP 7.0.7
PHP PHP 7.0.6
PHP PHP 7.0.4
PHP PHP 7.0.2
PHP PHP 7.0.13
PHP PHP 7.0.11
PHP PHP 7.0.10
PHP PHP 7.0.1
PHP PHP 7.0
PHP PHP 5.6.26
Not Vulnerable:


    PHP 7.0.14 change log
     
    Last edited: Dec 30, 2016
    • Informative Informative x 1
Previous Thread Next Thread
Loading...
..

.