Дата обнаружения
|
11/01/2017 |
Уровень угрозы
|
Critical |
Описание
|
An improper implementation of the SplObjectStorage unserialize in ext/spl/spl_observer.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed serialized data. Technical details Vulnerability occurs because an implementation does not verify whether a key is an object or not. |
Пораженные продукты
|
PHP 7.x before 7.0.12 |
Решение
|
Update to the latest version |
Первичный источник обнаружения
|
PHP Bug Tracking System |
Оказываемое влияние
?
|
ACE
[?]
DoS
[?]
|
Связанные продукты
|
PHP |
CVE-IDS
|
|
Узнай статистику распространения уязвимостей в твоем регионе |