F5 Networks BIG-IP : PHP vulnerabilities (SOL17377)
Severity: High
Nessus Plugin ID: 91433

Synopsis
The remote device is missing a vendor-supplied security patch.

Description
A use-after-free vulnerability was found in the unserialize() function. A ZVAL can be created and then freed via Serializable::unserialize. However, unserialize() still allows R: or r: to be used to set references to that already-freed memory. This makes a use-after-free attack possible, allowing arbitrary code to be executed remotely.

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL17377.