CIS CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
A vulnerability has been identified in PHP which could allow for remote code execution.
A vulnerability has been identified in PHP which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of a webserver. Failed attempts will likely result in denial-of-service conditions.
There are currently no reports of this vulnerability being exploited in the wild.
- PHP 5.6 prior to 5.6.8
- PHP 5.5 prior to 5.5.24
- PHP 5.4 prior to 5.4.40
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
- Home users: Low
A vulnerability has been discovered in PHP versions prior to 5.6.8, 5.5.24, and 5.4.40 which could lead to remote code execution. Specifically, the vulnerability occurs when a maliciously crafted request is submitted to a web server running Apache 2.4 with the apache2handler configuration enabled. When this packet is processed by the application, it results in a segmentation fault in ‘sapi/apache2handler/sapi_apache2.c’. Successful exploitation of this vulnerability could result in remote code execution, allowing an attacker to run code in the context of the user running the affected application. Failed attempts may result in denial-of-service conditions.
We recommend the following actions be taken:
- Apply appropriate fixes or patches provided by the PHP Group to vulnerable systems immediately after appropriate testing.
- Apply the principle of Least Privilege to all systems and services.
- Limit user account privileges to only those required.
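To help prioritize patching, the following added example (not part of the original advisory or any PHP Group tooling) triages an inventory against the affected version ranges and the apache2handler condition described above. The inventory rows are constructed, the SAPI field is assumed to hold the value PHP reports via `php_sapi_name()`, and the Apache version is not checked.

```python
import re

# First fixed release per affected branch, as listed in the advisory.
FIXED = {(5, 4): 40, (5, 5): 24, (5, 6): 8}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Extract (major, minor, patch) from strings such as
    'PHP 5.6.7 (cli)' or '5.4.39-0+deb7u2'; None if no version is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, sapi):
    """Return 'affected', 'version-only', 'patched', 'unlisted' or 'unknown'."""
    ver = parse_php_version(version_text)
    if ver is None:
        return "unknown"        # unparseable: needs manual review
    fixed_patch = FIXED.get(ver[:2])
    if fixed_patch is None:
        return "unlisted"       # branch not named in the advisory
    if ver[2] >= fixed_patch:
        return "patched"
    # Below the fixed release. The advisory ties the fault to apache2handler,
    # so other SAPIs are flagged separately but should still be updated.
    return "affected" if sapi == "apache2handler" else "version-only"


# Constructed sample inventory: (host, reported version string, SAPI name).
INVENTORY = [
    ("web01", "PHP 5.6.7 (cli)", "apache2handler"),
    ("web02", "5.4.39-0+deb7u2", "apache2handler"),
    ("web03", "5.5.23", "fpm-fcgi"),
    ("web04", "5.6.8", "apache2handler"),
    ("web05", "5.3.29", "apache2handler"),
]


def triage(rows):
    """Map each host to its classification."""
    return {host: classify(version, sapi) for host, version, sapi in rows}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Distribution packages can carry backported fixes without changing the upstream version number, so confirm any host flagged here against the vendor's own package advisories before treating it as unpatched.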