F5 Networks BIG-IP : PHP vulnerability (K75543432)
Medium Nessus Plugin ID 110059
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)
This vulnerability allows unauthorized disclosure of information, unauthorized modification, and disruption of service.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K75543432.