MS-ISAC: 2018-046 – Multiple Vulnerabilities in PHP
Incident Report for Pivotal Web Services
Resolved
This incident has been resolved.
Posted 6 months ago. May 04, 2018 - 10:49 PDT
Monitoring
Multiple upstream vulnerabilities have been discovered in all supported PHP versions in the PHP buildpack. MS-ISAC reports that the most severe of these vulnerabilities could allow an attacker to execute arbitrary code. An attacker could take advantage of this type of vulnerability to steal credentials, modify application code, cause a denial of service attack, or take other malicious actions.

As soon as possible: Restage your Pivotal Web Services PHP application(s) to use the latest PHP buildpack (v4.3.53). Confirm that PHP apps are configured to use PHP 7.2.5, PHP 7.1.17, PHP 7.0.30, or PHP 5.6.36.

https://www.cloudfoundry.org/blog/ms-isac-2018-046/
Posted 7 months ago. Apr 27, 2018 - 21:35 PDT