
A vulnerability has been identified in PHP which could allow for remote code execution.

MS-ISAC ADVISORY NUMBER:

2015-047

DATE(S) ISSUED:

04/23/2015

OVERVIEW:

A vulnerability has been identified in PHP which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of a webserver. Failed attempts will likely result in denial-of-service conditions.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • PHP 5.6 prior to 5.6.8
  • PHP 5.5 prior to 5.5.24
  • PHP 5.4 prior to 5.4.40

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in PHP versions prior to 5.6.8, 5.5.24, and 5.4.40 which could lead to remote code execution. Specifically, the vulnerability occurs when a maliciously crafted request is submitted to a web server running Apache 2.4 with the apache2handler configuration enabled. When this request is processed by the application, it results in a segmentation fault in ‘sapi/apache2handler/sapi_apache2.c’. Successful exploitation of this vulnerability could result in remote code execution, allowing an attacker to run code in the context of the user running the affected application. Failed attempts may result in denial-of-service conditions.
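The following triage script is an added example, not part of the original advisory: it classifies PHP installs against the affected versions and the apache2handler condition described above. The inventory records, host names and status labels are constructed for illustration, and the Apache version itself is not checked.

```python
import re

# First fixed release per branch, from the advisory's SYSTEMS AFFECTED list.
FIXED_PATCH = {(5, 6): 8, (5, 5): 24, (5, 4): 40}
VERSION_RE = re.compile(r"^\s*(?:PHP[ /])?(\d+)\.(\d+)\.(\d+)")
# Review order: installs matching the advisory's Apache scenario come first.
ORDER = ["affected-apache2handler", "affected-other-sapi", "unparsed",
         "not-listed", "fixed"]


def parse_version(text):
    """Extract (major, minor, patch) from e.g. '5.5.9-1ubuntu4.7',
    'PHP 5.6.7 (cli)' or 'PHP/5.4.39'. Returns None without an x.y.z prefix."""
    match = VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(version_text, sapi):
    """Classify one install against the advisory's version and SAPI criteria."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"            # needs a manual look, not a pass
    fixed = FIXED_PATCH.get(version[:2])
    if fixed is None:
        return "not-listed"          # branch is outside the advisory's list
    if version[2] >= fixed:
        return "fixed"
    if sapi.strip().lower() == "apache2handler":
        return "affected-apache2handler"
    return "affected-other-sapi"     # listed version, different SAPI


def triage_inventory(records):
    """Return (host, status) pairs sorted so the most urgent come first."""
    results = [(host, triage(ver, sapi)) for host, ver, sapi in records]
    return sorted(results, key=lambda item: ORDER.index(item[1]))


# Constructed sample inventory: (host, reported version, SAPI name).
SAMPLE = [
    ("web-01", "PHP 5.6.8 (cli)", "apache2handler"),
    ("web-02", "5.5.9-1ubuntu4.7", "apache2handler"),
    ("web-03", "PHP/5.4.39", "fpm-fcgi"),
    ("web-04", "5.6.7", "apache2handler"),
    ("web-05", "unknown", "apache2handler"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE):
        print(f"{host}: {status}")
```

Distribution packages can carry a backported fix under an older upstream version number, so an "affected" result from a packaged build should be confirmed against the vendor's changelog.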

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate fixes or patches provided by the PHP Group to vulnerable systems immediately after appropriate testing.
  • Apply the principle of Least Privilege to all systems and services.
  • Limit user account privileges to only those required.
