According to the PHP organization, the server running PHP is vulnerable to a variety of malicious program attacks, including allowing attackers to execute malicious code and DOS attacks.
The PHP organization has released an upgraded version of the bug that can be downloaded from the PHP Web site or obtained directly from each operating system vendor. The PHP organization strongly recommends that users upgrade to a new version.
PHP is an open-source programming language primarily for server-side applications, running on server operating systems such as Linux, Unix, Mac OS, and Windows.
There are two vulnerabilities found in the EXIF module of PHP, this module is used to handle digital cameras using the exchangeable image File Format (EXIF) specification, a vulnerability in the module's Exif_process_ifd_tag () function may be specially crafted "image file directory (IFD)" Tag exploits to cause buffer overflow and execute malicious code with PHP server permissions.
The second EXIF module vulnerability could lead to infinite recursion, causing the executed program to crash.
Another vulnerability affects the Php_handle_iff () and Php_handle_jpeg () functions, which can be exploited by specially crafted images to create an infinite loop that consumes all available CPU resources and forms a Dos attack.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
