Main Vulnerability Database Exploits ID:2684 - Exploit for Infinite loop in PHP - CVE-2016-7478

ID:2684 - Exploit for Infinite loop in PHP - CVE-2016-7478

Published: May 18, 2020

Vulnerability identifier: #VU16135

Vulnerability risk: Low

CVE-ID: CVE-2016-7478

CWE-ID: CWE-835

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-1001/

Vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to infinite loop in zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13. A remote attacker can trigger infinite loop and cause the service to crash via a crafted Exception object in serialized data.

Remediation

Install update from vendor's website.

ID:2684 - Exploit for Infinite loop in PHP - CVE-2016-7478

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human