Description
** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."
Remediation
References
Related Vulnerabilities
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2016-8612)
Oracle JRE CVE-2013-1540 Vulnerability (CVE-2013-1540)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7859)
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.23)