By Pia Heikkila, 23 July 2002 11:46
US security researchers have found a serious vulnerability in the server scripting software PHP.

The US-based security research laboratory Cert has found a vulnerability in PHP which could allow a remote attacker to execute arbitrary code or crash PHP or the web server. Cert said versions 4.2.0 and 4.2.1 of PHP are both vulnerable.

Cert warned: "The vulnerability occurs in the portion of PHP code responsible for handling file uploads, specifically multipart/form-data. By sending a specially crafted Post request to the web server, an attacker can corrupt the internal data structures used by PHP. Specifically, an intruder can cause an improperly initialized memory structure to be freed."

Cert said worried IT professionals should contact their vendor to apply a patch.

More information can be found at: http://www.cert.org/advisories/CA-2002-21.html