Navigation
Search
|
As PHP Group Patches High-Risk Bugs, 62% of Sites Still Use PHP 5
Saturday October 20, 2018. 11:48 PM , from Slashdot
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news.
MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates. But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. 'The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided,' warned a recent CERT notice. So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that 'There has been no such notice from WordPress or Joomla.' Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/Zw8HDBZUn1Y/as-php-group-patches-high-risk-bugs-62-of-sites...
|
25 sources
Current Date
Nov, Thu 21 - 16:19 CET
|