homepage Welcome to WebmasterWorld Guest from 54.211.95.201
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP Affected by Critical Security Flaw
DaStarBuG




msg:4250163
 5:33 am on Jan 7, 2011 (gmt 0)

An extremely serious security flaw has been discovered in PHP, requiring that all affected servers be updated as a matter of urgency.

The flaw allows a remote webserver running an affected version of PHP to be crashed using nothing more than a URL request.

If you are running a 64 bit version of PHP you are unaffected, but if you are running in 32 bit mode, or you are not sure,
now would be a good time to drop everything and make sure that your server is not vulnerable,
by installing the latest version of PHP either from php.net, or from your own webserver vendor.
Zend Server has a hotfix available already.

php.net
[php.net...]

Zend Server hotfix
[zend.com...]

Due to the massive impact of the flaw and the trivial way in which it can be exploited, news of this bug will spread rapidly so speed is of the essence in getting your server patched.

PHP script to test vulnerability
[php.net...]

Bug report detailing the flaw
[bugs.php.net...]

 

coopster




msg:4252518
 6:44 pm on Jan 12, 2011 (gmt 0)

I just moved this thread in from the Webmaster Hardware forum to the PHP forum, a better home for it. For those experiencing problems with recent updates, please see the release notes in the links above.

jecasc




msg:4252568
 8:27 pm on Jan 12, 2011 (gmt 0)

Ah, that was the reason why my managed server was updated tonight. I am so glad my webhosting company does all this. One thing less to care about.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved