Apache Alert

Discussion in 'Mac Apps and Mac App Store' started by Supa_Fly, Mar 2, 2003.

  1. Supa_Fly macrumors 68030


    May 30, 2002
    Toronto, Ontario, Canada
    Hello dear friends.

    I found this little tidbit on the O'Reilly.net network regarding PHP and Apache. thought you would all like to know, yes its dated Feb 24/03.

    Version 4.3.0 of the Apache PHP module mod_php contains a bug in the code that handles the command line option --enable-force-cgi-redirect and the php.ini option cgi.force_redirect. An attacker can exploit this bug to arbitrarily access any file on the system that is readable by the user running the web server. Under some conditions, the attacker may be able to execute arbitrary PHP code if they can inject it into a file readable by the web server (for example, the web server's log files).

    The PHP Group has released version 4.3.1 of PHP. Users of binary packages should watch their vendor for an update and should consider disabling mod_php until it has been repaired. "
  2. sparkleytone macrumors 68020


    Oct 28, 2001
    Greensboro, NC

Share This Page