Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP Vulnerabilities Announced

Posted by michael on Friday December 17, 2004 @05:20AM from the rated-o-for-overtime dept.

Simone Klassen writes "The Hardened-PHP Project has announced several serious and according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular webapplications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."

2 of 387 comments (clear)

Min score:

Reason:

Sort:

pack()/unpack() fault by brlewis · 2004-12-17 06:13 · Score: 0, Offtopic

Java serialization and deserialization aren't vulnerable to such attacks, and neither is Scheme's read/write. BRL users needn't worry.
Re:I've said it before, and I'll say it again by daliman · 2004-12-17 14:09 · Score: 0, Offtopic

No, his joke went over your head :)