Intrusion Prevention

PHP.Zend.Hash.Destroy.Uninitialized.Pointer.Code.Execution

Description

This indicates an attack attempt against a Code Execution vulnerability in PHP.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted serialized object. A remote attacker may be able to exploit this to execute arbitrary code on the affected systems.

Affected Products

PHP Group PHP 7.0.x up to 7.0.14
PHP Group PHP 7.1.0

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.
http://php.net/downloads.php

CVE References

CVE-2017-5340