PHP Unpatched Vulnerability Affecting PHP 7 Servers

Discussion in 'Nginx and PHP-FPM news & discussions' started by Jimmy, Dec 30, 2016.

  1. Jimmy

  2. eva2000

    Thanks for the heads up!

     
  3. eva2000

    Also at 3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

     
  4. Jimmy

    Hopefully they fixed the first two... those seem to be the worst.
     
  5. eva2000

    Original source http://blog.checkpoint.com/2016/12/...lnerabilities-web-programming-language-php-7/

     
  6. eva2000

    Confusing classification of 'not vulnerable' and 'vulnerable' on those linked CVEs, suggesting PHP 7.0.14 has fixed all 3 CVEs?
    Code (Text):
    PHP CVE-2016-7480 Remote Code Execution Vulnerability
    
    Bugtraq ID:    95152
    Class:    Design Error
    CVE:    CVE-2016-7480
    Remote:    Yes
    Local:    No
    Published:    Dec 27 2016 12:00AM
    Updated:    Dec 30 2016 12:08AM
    Credit:    CHECK POINT SECURITY RESEARCH
    Vulnerable:    PHP PHP 7.0.5
    PHP PHP 7.0.3
    PHP PHP 7.0
    PHP PHP 7.0.9
    PHP PHP 7.0.8
    PHP PHP 7.0.7
    PHP PHP 7.0.6
    PHP PHP 7.0.4
    PHP PHP 7.0.2
    PHP PHP 7.0.11
    PHP PHP 7.0.10
    PHP PHP 7.0.1
    PHP PHP 7.0
    Not Vulnerable:    PHP PHP 7.0.14
    PHP PHP 7.0.12
    PHP PHP 7.0.13
    

    Code (Text):
    PHP CVE-2016-7479 Denial of Service Vulnerability
    
    Bugtraq ID:    95151
    Class:    Failure to Handle Exceptional Conditions
    CVE:    CVE-2016-7479
    Remote:    Yes
    Local:    No
    Published:    Dec 29 2016 12:00AM
    Updated:    Dec 30 2016 12:08AM
    Credit:    Checkpoint.
    Vulnerable:    PHP PHP 7.0.12
    PHP PHP 7.0.5
    PHP PHP 7.0.3
    PHP PHP 7.0
    PHP PHP 7.0.9
    PHP PHP 7.0.8
    PHP PHP 7.0.7
    PHP PHP 7.0.6
    PHP PHP 7.0.4
    PHP PHP 7.0.2
    PHP PHP 7.0.13
    PHP PHP 7.0.11
    PHP PHP 7.0.10
    PHP PHP 7.0.1
    PHP PHP 7.0
    Not Vulnerable:  

    Code (Text):
    PHP CVE-2016-7478 Remote Denial Of Service Vulnerability
    
    Bugtraq ID:    95150
    Class:    Failure to Handle Exceptional Conditions
    CVE:    CVE-2016-7478
    Remote:    Yes
    Local:    No
    Published:    Dec 28 2016 12:00AM
    Updated:    Dec 30 2016 12:08AM
    Credit:    yannayl at checkpoint.com.
    Vulnerable:    PHP PHP 7.0.12
    PHP PHP 7.0.5
    PHP PHP 7.0.3
    PHP PHP 7.0.9
    PHP PHP 7.0.8
    PHP PHP 7.0.7
    PHP PHP 7.0.6
    PHP PHP 7.0.4
    PHP PHP 7.0.2
    PHP PHP 7.0.13
    PHP PHP 7.0.11
    PHP PHP 7.0.10
    PHP PHP 7.0.1
    PHP PHP 7.0
    PHP PHP 5.6.26
    Not Vulnerable:
    


    PHP 7.0.14 change log
     
    Last edited: Dec 30, 2016