Security vulnerability for PHP version 7.1.x, 7.2.x, 7.3.x in Azure Web app

Henrique Santos 0 Reputation points

In 2018, the security team detected a vulnerability related to the PHP.
I would like to know if this vulnerability still exists, or if it has already been fixed.

Below is the security report:
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an infinite loop when using program execution functions (e.g. passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing that master process to consume 100% of the CPU and consume disk space with a large volume of error logs, as demonstrated by a customer attack on a shared hosting resource.

Source: Thanks!

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,530 questions
{count} votes

1 answer

Sort by: Most helpful
  1. brtrach-MSFT 14,231 Reputation points Microsoft Employee

    @Henrique Santos We provide patches for any vulnerabilities for our platform, including framework patches. If a patch is available, we will apply it within a timely manner. If a framework is listed, we have it patched with the latest. If a framework version becomes unsupported, we work to remove the framework and push customers to a newer and secure framework version. Beyond that, let me know if you have any further questions or concerns.

    0 comments No comments