PHP Plugs Security Hole
Published by: jack 2008-11-20

The PHP Group has released a new PHP version to fix a "serious security vulnerability" that could lead to arbitrary code execution.

PHP, a project of the Apache Software Foundation, said it released the new version 4.3.1 to squash a bug in the CGI SAPI of an earlier version.

"Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs," the group warned, noting that the bug does not affect any other SAPI modules like Apache or ISAPI.

It warned that a remote attacker could also trick PHP into executing arbitrary PHP code if the intruder is able to inject the code into files accessible by the CGI. For example, PHP said, this could be the Web server access logs.

It said version 4.3.1, which incorporates a fix for the vulnerability, only contains fixes for this specific vulnerability, "so upgrading from 4.3.0 is safe and painless."

The PHP project, created in 1995 by Rasmus Lerdorf, has seen startling usage growth since 1999 and recent adoption by Yahoo has put the general-purpose scripting language in front of an enterprise audience.

It is not the first serious vulnerability in PHP, which ships standard with a number of Web servers, including Red Hat Linux.

Last July, the PHP project issued a patch for an input-checking vulnerability that opened the door for hackers to gain Web server access. That patch corrected the POST parser method in the software standard, which looks at the incoming traffic's headers and allows or rejects the data.



