Indusface Total Application Security – PHP Mailer Bug

What is the PHP Bug Mailer Vulnerability?

Dawid Golunski, an independent researcher, recently uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

CVE Details

• CVE-2016-10033, CVE-2016-10045

What are the risks?

PHPMailer continues to be the world's most popular email transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily. This critical vulnerability in how websites handle email and feedback forms leaves millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.

The vulnerability could be used by an unauthenticated remote attacker to achieve remote arbitrary code execution in the context of the web server and could be used to remotely compromise targeted web applications. The vulnerability (CVE-2016-10033) is related to the way websites handle web-based email submission forms using the PHPMailer component. PHP (Hypertext Preprocessor) is an open-source scripting language embedded into website HTML. According to Golunski, all versions of PHPMailer released before version 5.2.18 are affected.
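Since the exposed surface is a feedback form whose submitted address reaches PHPMailer, the form handler below (an added example, not Indusface's or the PHPMailer project's own code) shows the defensive pattern: refuse to run on a PHPMailer release older than 5.2.18, validate the visitor's address with PHPMailer's own validateAddress() before the mailer sees it, and keep the From header fixed to a site-owned address, placing the visitor's address only in Reply-To. The field names, the include path, the placeholder addresses and the assumption of a PHPMailer 5.2.x install (which exposes the version as the public $Version property) are all assumptions.

```php
<?php
// Added example (not from the Indusface page or the PHPMailer project).
// Assumes PHPMailer 5.2.x installed at the path below; 5.2.18 is the first
// release the advisory names as fixed, so anything older is refused.
require_once __DIR__ . '/PHPMailerAutoload.php'; // assumed install path

const MIN_SAFE_VERSION = '5.2.18';
const SITE_FROM  = 'noreply@example.com'; // placeholder site-owned address
const SITE_INBOX = 'support@example.com'; // placeholder recipient inbox

function phpmailerIsPatched(PHPMailer $mail) {
    // $Version is PHPMailer 5.2.x's own public version property.
    return version_compare($mail->Version, MIN_SAFE_VERSION, '>=');
}

function sanitizeVisitorAddress($raw) {
    // Accept only a single, plain address. PHPMailer::validateAddress() is
    // the library's own validator; the length and newline checks are an
    // extra guard against header-style input before it reaches the mailer.
    $addr = trim((string) $raw);
    if ($addr === '' || strlen($addr) > 254 || preg_match('/[\r\n]/', $addr)) {
        return null;
    }
    return PHPMailer::validateAddress($addr) ? $addr : null;
}

function sendFeedback(array $post) {
    $mail = new PHPMailer(true); // true: throw exceptions on error
    if (!phpmailerIsPatched($mail)) {
        throw new RuntimeException(
            'PHPMailer ' . $mail->Version . ' is older than ' . MIN_SAFE_VERSION
        );
    }
    $visitor = sanitizeVisitorAddress(isset($post['email']) ? $post['email'] : '');
    if ($visitor === null) {
        return false; // do not send; show the user a validation error instead
    }
    $mail->isMail();                                // PHP mail() transport
    $mail->setFrom(SITE_FROM, 'Website feedback');  // never the visitor's input
    $mail->addReplyTo($visitor);                    // visitor address only here
    $mail->addAddress(SITE_INBOX);
    $mail->Subject = 'Feedback form submission';
    $mail->Body    = substr(isset($post['message']) ? (string) $post['message'] : '', 0, 5000);
    return $mail->send();
}
```

Keeping the From address under the site's control, rather than echoing the visitor's input into it, is the part of this pattern that removes the attacker-controlled value from the code path the advisory describes; the version guard makes an outdated deployment fail loudly rather than silently.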

Do I need to worry about it?

Successful exploitation can fully compromise your server, so it requires your immediate attention.

Am I protected with Indusface Web Application Firewall?

The core rule set in the Indusface Web Application Firewall protects you against PHPMailer bug attacks by default. Our Indusface Total Application Security and WAF customers need not worry about it.

Will Indusface Web Application Scanning report this vulnerability?

Indusface automated VA scans include checks for the PHPMailer bug vulnerability, and it will also be reported during manual penetration testing.