
Critical vulnerability identified in PHP; hotfix available

The Zend Company reported today: A critical vulnerability in the PHP engine has just been identified. This exploit is significant because most PHP applications on impacted systems are remotely exploitable via a very simple denial-of-service attack. Zend has released a security hotfix to address this vulnerability (see below).

Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser.

This vulnerability is present in all versions of PHP, including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.

Platform                          Vulnerable
Windows                           YES
Linux (using 32-bit PHP build)    YES
Linux (using 64-bit PHP build)    NO

Zend Server and Zend Server CE users should immediately apply the security hotfix.

Hotfixes for Zend Core and Zend Server CE tarball installer are currently being finalized and will be made available soon.
