Slashdot Mirror


PHP Vulnerabilities Announced

Simone Klassen writes "The Hardened-PHP Project has announced several serious and, according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular web applications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."

2 of 387 comments

  1. Third-party modules? by flatface · Score: 5, Interesting

    I read about this yesterday and couldn't find out if mod_security and suPHP are vulnerable to these attacks. With mod_security blocking buffer overflows, "bad" characters, etc. and mod_suphp forcing PHP to run as the user, I don't think that it gives people who run these modules (that) much to worry about.

  2. Why isn't hardened-PHP merged with PHP? by DarkHelmet · Score: 5, Interesting

    I know this is just a thought, but why aren't the changes within Hardened-PHP within the actual version of PHP that's on the site?

    Their implementation of memory checking seems to be sane and valid for all installs. So why are most of us running vanilla like this?

    Just a thought.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i