Korean
<< Back
VID 22970
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The version of PHP installed on the remote host is 7.3.x prior to 7.3.27.
It is, therefore, affected by a denial of service (DoS) vulnerability due to a null dereference in SoapClient. An unauthenticated, remote attacker can exploit this, by providing an XML to the SoapCLient query() function without an existing field, in order to cause PHP to crash.

* References:
https://www.php.net/ChangeLog-7.php#7.3.27

* Platforms Affected:
PHP Prior to 7.3.27
Any operating system Any version
Recommendation Upgrade to the latest version of PHP (7.3.27 or later), available from the PHP web site at http://www.php.net/downloads.php
Related URL CVE-2021-21702 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)