Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 7.0.x < 7.0.17 / 7.1.x < 7.1.3 DoS

Medium

Synopsis

The remote web server uses a version of PHP that is affected by a Denial of Service (Dos) attack vector.

Description

Versions of PHP 7.0.x prior to 7.0.17 and 7.1.x prior to 7.1.3 are affected by an error related to handling HTTP POST requests when configured with a large 'post_max_size' that allows DoS attacks via CPU resource exhaustion.

Solution

Upgrade to PHP version 7.1.3. If 7.1.x cannot be obtained, 7.0.17 has also been patched for this vulnerability.