
PHP 7.0.x < 7.0.14 RCE

High

Synopsis

The remote web server uses a version of PHP that is affected by a remote code execution (RCE) vulnerability.

Description

Versions of PHP 7.0.x prior to 7.0.14 are vulnerable to a use-after-free error in the 'unserialize()' function in 'ext/standard/var.c'. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.

Solution

Upgrade to PHP version 7.0.14 or later.
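
A version check for the affected range stated above, shown as an added example; it is not part of the original advisory or of any scanner's plugin code. The function names and the sample banner strings are constructed for illustration.

```python
import re

# Affected range taken from the advisory: PHP 7.0.x prior to 7.0.14.
AFFECTED_BRANCH = (7, 0)
FIXED_PATCH = 14

_VER = r"(\d+)\.(\d+)\.(\d+)(?:-?(RC|alpha|beta|dev)\d*)?"
# Version advertised in a header such as Server or X-Powered-By.
_BANNER_RE = re.compile(r"PHP[/ ]" + _VER, re.IGNORECASE)
# Bare version string, e.g. the value of PHP_VERSION on the host.
_BARE_RE = re.compile(r"\s*" + _VER, re.IGNORECASE)


def parse_php_version(banner):
    """Return (major, minor, patch, is_prerelease), or None if no PHP version is present."""
    m = _BANNER_RE.search(banner) or _BARE_RE.match(banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_affected(banner):
    """True or False for a parsed version; None when the banner carries no PHP version."""
    parsed = parse_php_version(banner)
    if parsed is None:
        return None
    major, minor, patch, prerelease = parsed
    if (major, minor) != AFFECTED_BRANCH:
        return False  # this advisory only covers the 7.0.x branch
    # Assumption: pre-release builds of 7.0.14 (RC, alpha, beta, dev) sort
    # before the release and are conservatively treated as not yet fixed.
    return patch < FIXED_PATCH or (patch == FIXED_PATCH and prerelease)


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "X-Powered-By: PHP/7.0.13",
        "Apache/2.4.18 (Ubuntu) PHP/7.0.8-0ubuntu0.16.04.3",
        "PHP/7.0.14",
        "7.0.14RC1",
        "PHP/7.1.0",
        "nginx/1.10.3",
    ]
    for s in samples:
        print(f"{s!r}: affected={is_affected(s)}")
```

Distribution packages often backport fixes without changing the upstream version number, so a banner match should be confirmed against the package changelog before it is reported as vulnerable.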