@Henrique Santos We provide patches for any vulnerabilities for our platform, including framework patches. If a patch is available, we will apply it within a timely manner. If a framework is listed, we have it patched with the latest. If a framework version becomes unsupported, we work to remove the framework and push customers to a newer and secure framework version. Beyond that, let me know if you have any further questions or concerns.
Security vulnerability for PHP version 7.1.x, 7.2.x, 7.3.x in Azure Web app
In 2018, the security team detected a vulnerability related to the PHP.
I would like to know if this vulnerability still exists, or if it has already been fixed.
Below is the security report:
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an infinite loop when using program execution functions (e.g. passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing that master process to consume 100% of the CPU and consume disk space with a large volume of error logs, as demonstrated by a customer attack on a shared hosting resource.
Source: https://www.cve.org/CVERecord?id=CVE-2015-9253 Thanks!
@brtrach-MSFT Thanks for the answer! Regarding my post, this vulnerability analysis report happened in November 2023 and raised this question about PHP. In this case, will I be protected if I create an app using the latest PHP runtime version available on an Azure Web App? A curiosity that I noticed, when I create an Azure web app for Windows with .Net Core 8(LTS) runtime and run the "php -v" command in CMD, it displays version 5.2.40, this may cause a problem of vulnerability?
Sign in to comment