PHP patch quick but inadequate

Posted by Scott_Ruecker on May 4, 2012 8:57 PM EDT
Mail this story
Print this story

The updates to PHP versions 5.3.12 and 5.4.2 released on Thursday do not fully resolve the vulnerability that was accidentally disclosed on Reddit, according to the discoverer of the flaw. The bug in the way CGI and PHP interact with each other leads to a situation where attackers can execute code on affected servers. The issue remained undiscovered for eight years.

Full Story

» Read more about: Groups: PHP; Story Type: News Story

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.