PHP Security Vulnerabilities Discovered

Source: Internet
Author: User
Tags php server php website
According to PHP, servers running PHP are vulnerable to a variety of malicious program attacks, including allowing attackers to execute malicious code and DoS attacks. The PHP organization released an upgraded version to fix these vulnerabilities, which can be downloaded from the PHP website or directly obtained from various operating system vendors. PHP organizations strongly recommend that users upgrade to the new version. PHP is mainly used for server applications. according to the PHP organization, servers running PHP are vulnerable to a variety of malicious program attacks, including allowing attackers to execute malicious code and DoS attacks.
The PHP organization released an upgraded version to fix these vulnerabilities, which can be downloaded from the PHP website or directly obtained from various operating system vendors. PHP organizations strongly recommend that users upgrade to the new version.
PHP is an open-source programming language mainly used for server applications. it runs on Linux, Unix, Mac OS, Windows, and other server operating systems.
Two vulnerabilities are found in the EXIF module of PHP. this module is used to process the interchangeable Image File Format (EXIF) specification used by digital cameras. the exif_process_IFD_TAG () of this module () A vulnerability in the function may be exploited by the specially crafted "image file directory (IFD)" label to cause buffer overflow and execute malicious code with PHP server permissions.
The second EXIF module vulnerability may cause infinite recursion, causing program crash.
Another vulnerability affects the php_handle_iff () and php_handle_jpeg () functions, which can be exploited by specially crafted images to create an infinite loop, consuming all available CPU resources and forming DoS attacks.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.