
cv-announce-l - [cv-announce-l] Multiple Vulnerabilities in PHP (MS-ISAC 2018-046)


cv-announce-l@list.iu.edu

Subject: cv alerts list

  • From: Andrew K Adams <akadams@psc.edu>
  • To: cv-announce@trustedci.org
  • Subject: [cv-announce-l] Multiple Vulnerabilities in PHP (MS-ISAC 2018-046)
  • Date: Mon, 30 Apr 2018 13:09:27 -0400


CI Operators and CI Developers


Multiple vulnerabilities have been discovered in PHP -- a programming language used for web-based applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application.  Failed exploitation of the vulnerabilities could result in a denial-of-service condition.


Affected Software:

* PHP 7.2 prior to 7.2.5

* PHP 7.1 prior to 7.1.17

* PHP 7.0 prior to 7.0.30

* PHP 5.0 prior to 5.6.36


Recommendation:

Upgrade PHP to the latest version.  Additionally, ensure that PHP is running with the least privileges necessary.


References:

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-046/


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI (formerly CTSC) cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.




