Yesterday it was reported that the official PHP Git repository was hacked and an RCE backdoor was committed into the PHP code base.
PHP is one of the most popular server-side programming languages, powering over 79% of the websites on the Internet, which makes this vulnerability a very critical one.
More information on the disclosed vulnerability can be found here:
The official PHP Git repository was hacked and a RCE Backdoor was committed into the PHP base code.
Cloud WAF customers, and On-Prem customers with the “SecureSphere Emergency Feed” (THR feeds) enabled, are already protected out of the box (OOTB).
Below are the manual mitigation steps to address this vulnerability (for On-Prem customers):
1. Create a new manual dictionary or use an existing one.
2. Create a new signature (inside the dictionary from the previous step) with the following definition:
   - Signature name: PHP Git Server Backdoor - Zerodium
   - Search Signature in:
3. Create a new “HTTP Protocol Signatures” policy that uses the dictionary from step 1 and apply it.