In older PHP versions, attackers were able to remotely provoke memory errors in certain conditions and thereby execute malicious coding on servers. DoS attacks were also a result. The PHP ChangeLog provides specifications on this.
PHP 7.0.9 and PHP 5.6.24 now close multiple vulnerabilities and thereby protect against these attacks.
The current PHP versions are also protected against the httpoxy vulnerabilities that were known since 2001, but were underestimated up to now. This newly rediscovered vulnerability allows attackers to redirect and read outgoing data traffic from a server using a manipulated HTTP header. Certain versions of PHP, TYPO3, Drupal and Golan are affected. (CVE-2016-5385, CVE-2016-5386)
Automatic Update and Protection at 1&1
We have already activated the current PHP versions for every website at 1&1 Web Hosting. As a result, websites using PHP 7 and PHP 5.6 benefit automatically from the described safety improvements.