A security update has been released for a PHP denial-of-service vulnerability.
CVE-2021-21702 — Denial Of Service
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus crash.
Successful exploitation enables an attacker to crash PHP, resulting in a denial-of-service condition.
The vulnerability is rated HIGH severity with a score of 7.8 and affects Windows and Linux platforms.
Vulnerability Rating | CVSS v3.0 |
Base Score | 7.5 |
Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Vulnerability Rating | CVSS v2.0 |
Base Score | 7.8 |
Base Metrics | CVSS:2.0/AV:N/AC:L/AU:N/C:N/I:N/A:C |
Vulnerable Products
PHP versions prior to 7.4.15 are vulnerable; PHP version 7.4.15 is not vulnerable to this issue.
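To check an inventory against the three affected ranges in the CVE description, the following added example (not part of the original advisory) classifies bare PHP version strings and ranks the hosts that need follow-up. The host names, the sample versions and the `classify` and `triage` helpers are constructed for illustration; treating suffixed builds as inconclusive is an assumption based on distributions backporting fixes without changing the upstream version number.

```python
import re

# Fixed patch level per affected branch, from the CVE-2021-21702 description.
FIXED = {(7, 3): 27, (7, 4): 15, (8, 0): 2}
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
PRERELEASE = re.compile(r"^-?(rc|alpha|beta|dev)", re.I)

def classify(version):
    """Return 'affected', 'fixed', 'inconclusive', 'not-listed' or 'unparsed'."""
    m = VERSION.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups()[:3])
    suffix = m.group(4)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"  # branch is not named in the advisory
    if patch > fixed_patch or (patch == fixed_patch and not PRERELEASE.match(suffix)):
        return "fixed"
    # A suffix marks a pre-release or a distribution build; distributions may
    # backport fixes without changing the upstream number, so the number
    # alone does not settle it. Check the vendor's advisory for the package.
    return "inconclusive" if suffix else "affected"

# Constructed sample inventory: (host, bare PHP_VERSION string, SOAP extension loaded?)
INVENTORY = [
    ("web01", "7.3.26", True),
    ("web02", "7.4.15", True),
    ("web03", "8.0.1", False),
    ("web04", "7.4.3-4ubuntu2.5", True),
    ("web05", "8.1.0", True),
]

def triage(inventory):
    """List hosts that need follow-up, most urgent first."""
    rank = {"affected": 0, "inconclusive": 1}
    rows = []
    for host, version, soap_loaded in inventory:
        verdict = classify(version)
        if verdict in rank:
            # The crash is reached through the SOAP extension, so hosts
            # without it loaded are ranked last (they still need the upgrade).
            rows.append((rank[verdict] if soap_loaded else 2, host, verdict))
    return [(host, verdict) for _, host, verdict in sorted(rows)]

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY):
        print(f"{host}: {verdict}")
```

The version string is expected in the bare form PHP reports in `PHP_VERSION`; anything else is returned as `unparsed` rather than guessed at.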
Solution:
It is recommended to upgrade the PHP version 7.3 packages.
Separately, multiple security issues were found in PHP, a widely used open-source general-purpose scripting language, which could also result in information disclosure, cookie forgery or incorrect encryption.