Oriental Alliance Guo Shenghua
Vulnerability description:
ZipArchive is a PHP class library used to decompress zip packages. Researchers have discovered that, in a PHP 7.x environment, calling either of the two methods getFromIndex() and getFromName() on a specially constructed zip package can cause an overflow in the PHP program. Attackers can use the vulnerability to cause a denial of service or execute arbitrary code.
Affected version:
7.x-7.0.5
Vulnerability level:
high risk
Repair suggestions:
1. Upgrade PHP to the latest version.
2. Use Baidu Cloud Acceleration; the Baidu Cloud Acceleration WAF can successfully defend against this vulnerability.
3. Add the website to Cloud Observation to learn about sudden/0-day vulnerabilities in website components in time.
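
To decide how urgent the upgrade is, the following added example (not part of the original advisory) reports whether the running interpreter falls in the affected range with the zip extension loaded, and lists call sites of the two methods. It reads the page's "7.x-7.0.5" as 7.0.0 through 7.0.5 inclusive, which is an assumption; the function names and the script name zip_audit.php are hypothetical.

```php
<?php
// Added example. Run with the PHP binary that serves the site: php zip_audit.php /path/to/webroot

// Assumption: the advisory's "7.x-7.0.5" is read as 7.0.0 through 7.0.5 inclusive.
function version_in_affected_range(string $version): bool
{
    // Drop distro/build suffixes such as "7.0.4-7ubuntu2" before comparing.
    if (!preg_match('/^\d+\.\d+\.\d+/', $version, $m)) {
        return false;
    }
    return version_compare($m[0], '7.0.0', '>=')
        && version_compare($m[0], '7.0.5', '<=');
}

// Return "file:line" for every ->getFromIndex / ->getFromName call under $root.
// Tokenizing the source skips matches inside comments and string literals.
function find_getfrom_calls(string $root): array
{
    $hits = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $tokens = token_get_all((string) file_get_contents($file->getPathname()));
        foreach ($tokens as $i => $tok) {
            if (!is_array($tok) || $tok[0] !== T_OBJECT_OPERATOR) {
                continue;
            }
            $next = $tokens[$i + 1] ?? null; // method name follows "->"
            if (is_array($next) && $next[0] === T_STRING
                && in_array(strtolower($next[1]), ['getfromindex', 'getfromname'], true)) {
                $hits[] = $file->getPathname() . ':' . $next[2];
            }
        }
    }
    return $hits;
}

$root = $argv[1] ?? '.';
$affected = version_in_affected_range(PHP_VERSION) && extension_loaded('zip');
printf("PHP %s, zip extension %s: %s\n", PHP_VERSION,
    extension_loaded('zip') ? 'loaded' : 'not loaded',
    $affected ? 'in the advisory range, upgrade' : 'outside the advisory range');
foreach (find_getfrom_calls($root) as $hit) {
    echo "call site: $hit\n";
}
```

Call sites that read archives supplied by users are the ones to prioritise until the upgrade is in place.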