Hi,
One of my clients did a vulnerability check using this website: www.shodan.io
It came up with quite a bunch of warnings/errors, all mentioning PHP and/or graphics libraries.
Like this one:
Quote
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x
before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote
LDAP servers to cause a denial of service (NULL pointer dereference
and application crash) because of mishandling of the ldap_get_dn
return value.
or this
Quote
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP
before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before
7.2.1, has an integer signedness error that leads to an infinite loop via a
crafted GIF file, as demonstrated by a call to the imagecreatefromgif
or imagecreatefromstring PHP function. This is related to GetCode_
and gdImageCreateFromGifCtx.
I'm not a web expert (yet), but does Webdev need these PHP libraries on the server if my web portals are not in PHP mode?
And how to disable them?
It is, btw, an IIS web server on Windows (off the top of my head, 2016).
Arie