Webdev PHP vulnerabilities

Posted by ArieM, March 07, 2022 08:53PM
Hi,

One of my clients did a vulnerability check using this website: www.shodan.io

It came up with quite a bunch of warnings/errors, all mentioning PHP and/or graphics libraries.
Like this one:
Quote:
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x
before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote
LDAP servers to cause a denial of service (NULL pointer dereference
and application crash) because of mishandling of the ldap_get_dn
return value.

or this
Quote:
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP
before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before
7.2.1, has an integer signedness error that leads to an infinite loop via a
crafted GIF file, as demonstrated by a call to the imagecreatefromgif
or imagecreatefromstring PHP function. This is related to GetCode_
and gdImageCreateFromGifCtx.

I'm not a web expert (yet :) ), but does Webdev need these PHP libraries on the server if my web portals are not in PHP mode?
And how do I disable them?

It is btw an IIS web server on Windows (off the top of my head, 2016).

Arie
Argus, Re: Webdev PHP vulnerabilities, March 07, 2022 09:53PM
I'm confused...

Your title is "Webdev PHP vulnerabilities" and then you ask "does Webdev need these PHP libraries on the server if my web portals are not in PHP mode?"

So, if your website is developed in PHP mode (always a mistake), then yes, it needs the PHP engine on the server, and you have all the vulnerabilities of PHP.

If you develop using AWP or classic mode, then PHP can be uninstalled from the server and you do NOT have any of its vulnerabilities.

Re: Webdev PHP vulnerabilities, March 08, 2022 10:57AM
Thanks,

I do not use PHP at all, only AWP or dynamic.
I will instruct my customer to disable PHP and then we will see.

Arie
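The thread ends with "disable PHP and then we will see". What an administrator usually wants after that step is a way to confirm that PHP is really gone from IIS, because the scanner that produced the findings above keys its CVE list off the PHP version the server announces. The script below is an added example for this thread, not code from the thread, from PC SOFT or from Microsoft. It assumes an elevated PowerShell session on the IIS server with the "IIS Management Scripts and Tools" feature installed (which provides the WebAdministration module); `$SiteUrl` is a placeholder for one of the customer's portals. It audits three things: *.php handler mappings (server-wide and per site), FastCGI registrations pointing at a PHP executable, and the `X-Powered-By` response header that PHP adds by default. With `-Remove` it also deletes the handler mappings it found; the FastCGI registration and the PHP install directory are left for the administrator to remove deliberately.

```powershell
<#
  Added example for this thread (not the thread's, PC SOFT's or Microsoft's code).
  Audits an IIS server for PHP wiring that would keep version-based scanner
  findings alive after the WebDev sites have been switched to AWP/classic mode.

  Assumptions (not stated in the thread):
    - Elevated PowerShell session on the IIS server.
    - "IIS Management Scripts and Tools" installed (WebAdministration module).
    - $SiteUrl is a placeholder for one of the customer's portals.
#>
param(
    [string]$SiteUrl = 'https://portal.example.invalid/',   # placeholder, not a real host
    [switch]$Remove                                         # opt in to removing PHP handler mappings
)

Import-Module WebAdministration

# 1. Handler mappings (server-wide and per site) that route *.php to a PHP executable.
#    Uninstalling the PHP binaries alone leaves these behind; a later reinstall
#    would silently re-activate PHP for every site that still carries the mapping.
$paths = @('IIS:\') + (Get-Website | ForEach-Object { "IIS:\Sites\$($_.Name)" })
$phpHandlers = foreach ($p in $paths) {
    Get-WebHandler -PSPath $p | Where-Object {
        $_.Path -like '*.php*' -or $_.ScriptProcessor -like '*php*'
    } | Select-Object @{ n = 'PSPath'; e = { $p } }, Name, Path, ScriptProcessor
}

# 2. FastCGI application registrations that point at a PHP executable.
$phpFastCgi = Get-WebConfiguration -Filter 'system.webServer/fastCgi/application' -PSPath 'IIS:\' |
    Where-Object { $_.fullPath -like '*php*' } |
    Select-Object fullPath, arguments

# 3. What an external scanner sees: the X-Powered-By header PHP adds by default.
#    HEAD is used so no page body is fetched; some sites reject HEAD, hence the catch.
$poweredBy = $null
try {
    $resp = Invoke-WebRequest -Uri $SiteUrl -Method Head -UseBasicParsing -ErrorAction Stop
    $poweredBy = $resp.Headers['X-Powered-By']
} catch {
    Write-Warning "Header check against $SiteUrl failed: $($_.Exception.Message)"
}

# Report
Write-Host "PHP handler mappings : $(@($phpHandlers).Count)"
$phpHandlers | Format-Table -AutoSize
Write-Host "PHP FastCGI apps     : $(@($phpFastCgi).Count)"
$phpFastCgi | Format-Table -AutoSize
Write-Host "X-Powered-By header  : $(if ($poweredBy) { $poweredBy } else { '(absent)' })"

if ($poweredBy -like '*PHP*') {
    Write-Warning 'The site still announces a PHP version; external scanners derive their CVE list from this value.'
}

# Optional clean-up: remove only the handler mappings found above.
if ($Remove) {
    foreach ($h in $phpHandlers) {
        Remove-WebHandler -Name $h.Name -PSPath $h.PSPath
        Write-Host "Removed handler '$($h.Name)' from $($h.PSPath)"
    }
}
```

Run it once before the change to record the baseline, then again after PHP has been uninstalled and the handlers removed: all three counts should be zero and the header absent. If the header is still present afterwards, the portal is being served by a PHP-capable site or a proxy in front of it, which is worth checking before asking the customer to re-scan.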