CVE-2019-13224, Other Critical Flaws in PHP - Patch Ora
CYBER NEWS

CVE-2019-13224, Other Critical Flaws in PHP – Patch Ora

1 Star2 Stars3 Stars4 Stars5 Stars (1 voti, media: 5.00 su 5)
Loading ...

The latest versions of PHP were recently released (PHP version 7.3.9, 7.2.22 e 7.1.32 across several branches) to address several highly critical vulnerabilities in its core and bundled libraries. The most dangerous of these vulnerabilities are the ones that could lead to remote code execution.

Quasi 80% di tutti i siti web gestiti su PHP. Più in particolare, "PHP è utilizzato da 78.9% di tutti i siti linguaggio di programmazione lato server la cui sappiamo", according to W3Techs statistics. This means that the vulnerabilities could affect a large number of web applications that utilize PHP, including websites that run on content management systems such as WordPress and Drupal, ricercatori avvertono.




Più specificamente, depending on the affected codebase in a PHP app, the worst-case scenario attacks based on these flaws could allow threat actors to execute arbitrary code in the context of the application. In case of a failed attempt of exploitation, a denial-of-service (DoS) condition could be triggered on affected systems.

Correlata: CVE-2019-6977: Ancora un altro WordPress difetto critico Trovato, Sinistra senza patch Per 6 Anni

More about CVE-2019-13224

The worst of the flaws is known under the CVE-2019-13224 advisory. According to the official CVE-2019-13224 description, the vulnerability is “a use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2” that could allow attackers to potentially cause information disclosure, negazione del servizio, or possibly code execution by providing a crafted regular expression.

The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust, the advisory reads.

The already available patches address vulnerabilities in cURL, Exif function, FastCGI Process Manager, OPcache. There is currently no information of active attacks against these flaws. Tuttavia, immediate patching is required, so consider updating to the latest PHP version version 7.3.9, 7.2.22, o 7.1.32 il prima possibile. It should be noted that PHP version 7.1.32 fixes the CVE-2019-13224 flaw.

Avatar

Milena Dimitrova

Uno scrittore ispirato e gestore di contenuti che è stato con SensorsTechForum per 4 anni. Gode ​​di ‘Mr. Robot’e le paure‘1984’. Incentrato sulla privacy degli utenti e lo sviluppo di malware, crede fortemente in un mondo in cui la sicurezza informatica gioca un ruolo centrale. Se il buon senso non ha senso, lei sarà lì per prendere appunti. Quelle note possono poi trasformarsi in articoli!

Altri messaggi

Lascio un commento

Il tuo indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *

Termine è esaurito. Ricarica CAPTCHA.

Condividi su Facebook Quota
Loading ...
Condividi su Twitter Tweet
Loading ...
Condividi su Google Plus Quota
Loading ...
Condividi su Linkedin Quota
Loading ...
Condividi su Digg Quota
Condividi su Reddit Quota
Loading ...
Condividi su Stumbleupon Quota
Loading ...