Technical Articles
F5 SMEs share good practice.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Historic F5 Account

Recently researchers at "Check Point" have uncovered 3 new previously unknown vulnerabilities in the new version of PHP. CVE-2016-7479 and  CVE-2016-7480 could result in attackers taking a full control of the target server, while CVE-2016-7478 causes a Denial of Service condition resulting in server hang. 

Those vulnerabilities are related to triggering unwanted behaviour when PHP un-serializes objects. Such malicious objects might be sent to any PHP application as HTTP parameter, cookie or header values.


Mitigation with Big-IP ASM

BigIP-ASM customers are already protected against the new 0-days, while the attack will be detected and blocked by existing "Server Side Code Injection" signatures, specifically:

  • "PHP object serialization injection attempt (Parameter)" (200004188)
  • "PHP object serialization injection attempt (Header)" (200004189)
  • "PHP object serialization injection attempt (URI)" (200004190)


Following are examples of the blocked attack vectors related to those CVEs and the invoked attack signatures:



Figure 1: Denial of Service attack vector (CVE-2016-7478) blocked with Attack Signature (200004188)



Figure 2: CVE-2016-7479 proof of concept exploit



Figure 3: CVE-2016-7479 POC exploit is being blocked with Attack Signature (200004188)



Figure 4: CVE-2016-7479 "DateInterval" attack vector blocked with Attack Signature (200004188)

Version history
Last update:
‎29-Dec-2016 06:06
Updated by: