Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Exploits

Old PHP Vulnerability Utilized in new Server Attacks

Paul Anderson by Paul Anderson
March 21, 2014
in Exploits, Security
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Server admins do not always update servers with the latest patches, especially when older versions of software come pre-installed on servers. Many admins don’t realize that their Web servers are exploitable via freely available exploits.

You might also like

Downthem DDoS service owner gets a 2-year prison sentence

Cloudflare Stops Record-Breaking DDoS

Chrome Browser Extension Vytal Prevents Privacy Leaks

Imperva issued a threat advisory on Wednesday for a code injection vulnerability in PHP (CVE-2012-1823).

“Zero-day vulnerabilities become zero-effort,” Shteiman of Imperva stated, noting that attackers can use publicly available exploits to craft new attacks.

Although this particular PHP flaw was discovered in March 2012 and fixed in May, a public exploit campign started in October 2013, Imperva said in their advisory. The reality that the exploit became freely available more than a year later suggests criminals remained utilizing it in some degree of success targeting this vulnerability, Shteiman said.

There’s a time gap between in the event the patch is offered and when administrators and organizations become mindful that both the problem and a fix are offered. Cyber-criminals know that servers running PHP are often not updated even though newer versions can be found.

“This creates a window of opportunity for hackers to act on, as they know that the window will be open for a long time,” Imperva stated.

“Hacking is no longer about showing off, but more about financial gain with the least amount of effort,” Shteiman added.

Currently, 82 percent of most Websites today are developed in PHP, in accordance with Imperva’s data. The bug exists in PHP versions older than 5.4.2 or 5.3.12, and version 5.3 works with almost 42 percent of all the sites.

Tags: exploitsImpervaphpvulnerability
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

Downthem DDoS service owner gets a 2-year prison sentence

by Christi Rogalski
June 30, 2022
0
Downthem DDoS Service owner sentenced

Matthew Gatrel, a resident of St. Charles, Illinois, has been sentenced to two years in prison for violating the Computer Fraud and Abuse Act (CFAA). The 33-year-old was...

Read more

Cloudflare Stops Record-Breaking DDoS

by Christi Rogalski
June 29, 2022
0
Cloudflare record breaking DDoS

Cloudflare has reported that it successfully neutralized the largest recorded DDoS attack in history. The attack, a 26 million request per second onslaught, targeted a customer on the...

Read more

Chrome Browser Extension Vytal Prevents Privacy Leaks

by Christi Rogalski
June 19, 2022 - Updated on June 20, 2022
0
Vytal Chrome Extension spoofs location data

Released in 2008, Google Chrome is a cross-platform web browser. With over 3.2 billion internet users worldwide, there's no denying that Chrome is the most popular browser today....

Read more

State-sponsored Iranian Hackers utilize .NET DNS Backdoor in new Attack

by Kyle
June 12, 2022
0
Lycaeum APT DNS hijacking backdoor

An Advanced Persistent Threat (APT) hacking group based out of Iran going by the name Lycaeum has been seen using a .NET-based DNS backdoor to target organizations within...

Read more

WatchDog’s new multi-stage cryptojacking attack unsurfaced

by Christi Rogalski
June 11, 2022
0
WatchDog Targets Docker Containers

Cado Security’s honeypot has recently captured a rather interesting cryptojacker from what they believe to be the WatchDog hacking group. They note that although the attack’s life cycle...

Read more
Next Post
Zero Day Impacts Most Versions of Microsoft Word

Zero Day Impacts Most Versions of Microsoft Word

Related News

Downthem DDoS Service owner sentenced

Downthem DDoS service owner gets a 2-year prison sentence

June 30, 2022
Cloudflare record breaking DDoS

Cloudflare Stops Record-Breaking DDoS

June 29, 2022
Syslogk Linux Rootkit triggers with magic packets

Syslogk Linux Rootkit triggers with magic packets

June 19, 2022 - Updated on June 20, 2022
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
    • Tools
  • Data Breaches
  • Malware
  • Privacy
  • Contact Us

© 2022 ZeroSecurity, All Rights Reserved.