VID |
22972 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The version of PHP installed on the remote host is 8.x prior to 8.0.2. It is, therefore, affected by a denial of service (DoS) vulnerability due to a null dereference in SoapClient. An unauthenticated, remote attacker can exploit this, by providing an XML to the SoapCLient query() function without an existing field, in order to cause PHP to crash.
* References: https://www.php.net/ChangeLog-8.php#8.0.2
* Platforms Affected: PHP Prior to 8.0.2 Any operating system Any version |
Recommendation |
Upgrade to the latest version of PHP (8.0.2 or later), available from the PHP web site at http://www.php.net/downloads.php |
Related URL |
CVE-2021-21702 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|