Researchers at Check Point recently uncovered three previously unknown vulnerabilities in the new version of PHP. CVE-2016-7479 and CVE-2016-7480 could allow attackers to take full control of the target server, while CVE-2016-7478 causes a denial-of-service condition that hangs the server.
These vulnerabilities are related to triggering unwanted behaviour when PHP unserializes objects. Such malicious objects might be sent to any PHP application as HTTP parameter, cookie or header values.
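As an added illustration of the point above (not code from Check Point or F5, and not an ASM signature), the following Python heuristic flags PHP serialized-object tokens in request parameters, cookies and header values, including URL-encoded and base64-encoded forms. The regex, function names and sample request are assumptions constructed for this example.

```python
import base64
import binascii
import re
from urllib.parse import unquote_plus

# PHP serialize() object tokens: O:<len>:"<Class>":<n>:{ or C:<len>:"<Class>":<n>:{
# at the start of a value or right after ';' / '{' inside a serialized array.
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')

def decoded_views(value, depth=2):
    """Return the raw value plus its URL-decoded and base64-decoded forms."""
    views, frontier = {value}, {value}
    for _ in range(depth):  # bounded, so nested encodings cannot loop forever
        nxt = set()
        for v in frontier:
            nxt.add(unquote_plus(v))
            try:
                padded = v + "=" * (-len(v) % 4)
                nxt.add(base64.b64decode(padded, validate=True).decode("latin-1"))
            except (binascii.Error, ValueError):
                pass  # not base64, nothing to add
        frontier = nxt - views
        views |= nxt
    return views

def scan_request(params, cookies, headers):
    """Return (location, name) pairs whose value carries a serialized PHP object."""
    hits = []
    for location, fields in (("param", params), ("cookie", cookies), ("header", headers)):
        for name, value in fields.items():
            if any(PHP_OBJECT.search(v) for v in decoded_views(value)):
                hits.append((location, name))
    return hits

# Constructed sample request (not captured traffic); stdClass/User are placeholder classes.
SAMPLE = {
    "params": {"page": "2", "state": "O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"},
    "cookies": {"lang": "en",
                "session": base64.b64encode(b'a:1:{i:0;O:4:"User":0:{}}').decode()},
    "headers": {"User-Agent": "Mozilla/5.0", "X-Data": 'O:8:"stdClass":0:{}'},
}

if __name__ == "__main__":
    for location, name in scan_request(**SAMPLE):
        print(f"serialized PHP object in {location} '{name}'")
```

A match only shows that a client supplied a serialized object in that field; it does not identify any of the three CVEs.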
Mitigation with BIG-IP ASM
BIG-IP ASM customers are already protected against the new 0-days, as the attack is detected and blocked by existing "Server Side Code Injection" signatures, specifically: