PHP 'php _ var_unserialize () 'function re-exploits the remote code execution vulnerability after it is released

PHP 'php _ var_unserialize () 'function re-exploits the remote code execution vulnerability after it is released
PHP 'php _ var_unserialize () 'function re-exploits the remote code execution vulnerability after it is released

Release date:
Updated on:

Affected Systems:

PHP PHP 5.x

Description:

Bugtraq id: 76734
CVE (CAN) ID: CVE-2015-6835

PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.

PHP re-exploits after release in php/php_binary session deserialization. Remote attackers can exploit this vulnerability to execute arbitrary code or cause DOS.

<* Source: Taoguang Chen
*>

Suggestion:

Vendor patch:

PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://git.php.net /? P = php-src.git; a = commit; h = df4bf28f9fda-ca3ef78ed94b497859f15b004e5

Https://bugs.php.net/bug.php? Id = 70219

PHP 7 innovation and Performance Optimization

PHP 7, you deserve it

Experience PHP 7.0 on CentOS 7.x/Fedora 21

Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)

Nginx startup failure occurs during LNMP deployment.

Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)

Detailed php hd scanning PDF + CD source code + full set of teaching videos

Configure the php lnmp development environment in CentOS 6

PHP details: click here
PHP: click here

This article permanently updates the link address: