Knowledge

1/26/2016

January 25 – PHP – Multiple Vulnerabilities – Some Critical

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.  

1. This week security community announced multiple code weaknesses and related vulnerability in PHP. Some of them can cause denial of service but more problematic would allow remote code execution that might result in full server take over.

Following CVEs were issued:
CVE-2015-5590
CVE-2015-6527
CVE-2015-6831
CVE-2015-6832
CVE-2015-6836
CVE-2015-8616
CVE-2015-8617
CVE-2016-1904

Overall PHP – well known for weak input handling, buffer overflows were holding well lately. This large amount of CVEs shows that not all issues have been resolved. We advise to patch as soon as possible or ask Digital Edge security team for help. 

2. New Fortinet vulnerabilities were discovered, that are very similar to the Juniper vulnerability announced a month ago. Fortinet is large Digital Edge partner. We verified with the hardware manufacturer that the firmware used in our devices are not affected by the vulnerability.

The CVE (CVE-2016-1909) is strangely similar to the one issued for Juniper – a remote user may obtain administrative access to the device. 

3. 2 SAP HANA vulnerabilities are discovered, both can cause denial of service through disk overload. 

Following CVEs were issued:
CVE-2016-1928
CVE-2016-1929

If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET or open a ticket through Digital Edge’s website at https://www.digitaledge.net

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and Digital Edge of technology.

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations’ advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, architecture and processing workflow for alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI that brings into any solutions delivered by Digital Edge. Security solutions and standards are expended into public cloud such as AWS and Azure.

Was this article helpful?