|
|
Main Menu |
|
|
Please support: |
|
|
A proud member of: |
|
| |
|
Vulnerability in PHP versions 4.2.0 and 4.2.1 |
|
|
admin writes "The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.
PHP contains code for intelligently parsing the headers of HTTP POST requests. The code is used to differentiate between variables and files sent by the user agent in a "multipart/form-data" request. This parser has insufficient input checking, leading to the vulnerability.
The vulnerability is exploitable by anyone who can send HTTP POST requests to an affected web server. Both local and remote users, even from behind firewalls, may be able to gain privileged access."
Note: If you wish to download the latest PHP, please use the UK mirror at http://uk2.php.net.
|
Posted by admin on Monday, July 22, 2002 - 09:00 PM (164 Reads)
Read more... (1694 bytes more) comments?
|
|
|
|
|