Apache Alert

Discussion in 'Mac Apps and Mac App Store' started by Supa_Fly, Mar 2, 2003.

  1. Supa_Fly macrumors 68030

    Supa_Fly

    Joined:
    May 30, 2002
    Location:
    Toronto, Ontario, Canada
    #1
    Hello dear friends.

    I found this little tidbit on the O'Reilly.net network regarding PHP and Apache. thought you would all like to know, yes its dated Feb 24/03.


    "mod_php
    Version 4.3.0 of the Apache PHP module mod_php contains a bug in the code that handles the command line option --enable-force-cgi-redirect and the php.ini option cgi.force_redirect. An attacker can exploit this bug to arbitrarily access any file on the system that is readable by the user running the web server. Under some conditions, the attacker may be able to execute arbitrary PHP code if they can inject it into a file readable by the web server (for example, the web server's log files).

    The PHP Group has released version 4.3.1 of PHP. Users of binary packages should watch their vendor for an update and should consider disabling mod_php until it has been repaired. "
     
  2. sparkleytone macrumors 68020

    sparkleytone

    Joined:
    Oct 28, 2001
    Location:
    Greensboro, NC

Share This Page