Re: Major vulnerabilities found in PHP
by "Steen Rabol" <srabol(at)mail.tele.dk>
|
| Date: |
Sat, 2 Mar 2002 09:25:37 +0100 |
| To: |
"Jay Smith" <jay(at)JaySmith.com>,
"hwg-basics" <hwg-basics(at)hwg.org>,
"hwg-techniques" <hwg-techniques(at)hwg.org> |
| References: |
hwg |
| |
todo: View
Thread,
Original
|
|
Old news.... a new veriosn of PHP is available at www.php.net
----- Original Message -----
From: "Jay Smith" <jay(at)JaySmith.com>
To: "hwg-basics" <hwg-basics(at)hwg.org>; "hwg-techniques"
<hwg-techniques(at)hwg.org>
Sent: Friday, March 01, 2002 6:20 PM
Subject: Major vulnerabilities found in PHP
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Since many web folks use PHP for scripting, this may be of interest.
>
> A report in Red Hat's APACHE WEEK Issue 285: 1st March 2002, says....
>
> "Major flaws have been found in the popular PHP scripting language
> commonly used with Apache web servers. These flaws have been found
> in the way PHP handles multipart/form-data POST requests. Each of
> these flaws could allow an attacker to execute arbitrary code on
> the remote system. All versions of PHP from 3.10 to 3.18 as well as
> 4.0.1 to 4.0.6 are vulnerable."
>
> The article goes on to describe the necessary course of action to fix
> the problems.
>
> Since APACHE WEEK is copyrighted, I am not sure that I have the
> "right" to post their fixes information.
>
> The APACHE WEEK website is
> http://www.apacheweek.com/
> and it appears to have the necessary information on it.
>
> To subscribe to APACHE WEEK, you can go to;
> https://listman.redhat.com/mailman/listinfo/apacheweek
>
> --
> Jay Smith
>
> e-mail: Jay(at)JaySmith.com mailto:Jay(at)JaySmith.com
> website: http://www.JaySmith.com
>
> Jay Smith & Associates
> P.O. Box 650
> Snow Camp, NC 27349 USA
>
> Phone: Int+US+336-376-9991
> Toll-Free Phone in US & Canada:
> 1-800-447-8267
> Fax: Int+US+336-376-6750
>
>
HTML: hwg-basics mailing list archives,
maintained by Webmasters @ IWA