[CentOS] PHP vulnerability CVE-2016-4073

21 Sep 2016


      Hello,
My server with CentOS 6.8 just failed PCI scan, so I'm looking into
vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of
them are fixed/patched or have some kind of workaround. But I can't find
a way to fix this one. Red Hat state: under investigation.
https://access.redhat.com/security/cve/cve-2016-4073
This CVE is 6 months old, and it doesn't look like it will be fixed.
Does anyone knows the way to go around this? Except blocking mb_strcut()
function.
Thanks!

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[CentOS] PHP vulnerability CVE-2016-4073