English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10944
Denial of service and arbitrary code execution vulnerabilities in PHP
Обновлено: 03/06/2020
|
Дата обнаружения
|
11/01/2017 |
|
Уровень угрозы
|
Critical |
|
Описание
|
An improper implementation of the SplObjectStorage unserialize in ext/spl/spl_observer.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed serialized data. Technical details Vulnerability occurs because an implementation does not verify whether a key is an object or not. |
|
Пораженные продукты
|
PHP 7.x before 7.0.12 |
|
Решение
|
Update to the latest version |
|
Первичный источник обнаружения
|
PHP Bug Tracking System |
|
Оказываемое влияние
?
|
ACE
[?]
DoS
[?]
|
|
Связанные продукты
|
PHP |
|
CVE-IDS
|
|
| Узнай статистику распространения уязвимостей в твоем регионе |