
PHPClasses.org:
PHP Vulnerability May Halt Millions of Servers
January 12, 2012 @ 08:21:55

On the PHPClasses.org blog today there's a new post looking at the security vulnerability that affected not only PHP but many other languages, leaving them susceptible to attack from the outside.

In PHP and several other languages used to implement Web applications, arrays are used to store the values of request variables such as $_GET, $_POST, $_COOKIE, etc. If you receive a request with a large number of request values, until recent versions PHP may run into trouble.

He goes on to explain why the array overloading is a problem and what PHP has done in recent releases to help correct it: the max_input_vars setting in php.ini. He also points out that this is not a new issue; it was originally identified back in 2003 (the post includes a video of the original presentation). He notes that the most recent releases of the PHP language include this fix and, if at all possible, you should upgrade to protect your applications.
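
One way to watch for the oversized requests described above, as an added example rather than code from the PHPClasses post: it counts raw parameters per input source without building arrays and compares the count with `max_input_vars`. The function names and the log-and-reject policy are assumptions, and the script needs PHP 7.1 or later.

```php
<?php
// Added example (not from the PHPClasses post). When a request carries more
// variables than max_input_vars, PHP raises an E_WARNING and drops the rest,
// so the application only ever sees a truncated superglobal. This prepend
// script counts the raw pairs itself so such requests can be logged and refused.

/** Count separator-delimited pairs in a raw string without parsing it into an array. */
function count_raw_pairs(string $raw, string $sep): int
{
    // Linear scan, no hash table. Empty pairs ("a=1&&b=2") are counted too,
    // so the result is a conservative upper bound.
    return $raw === '' ? 0 : substr_count($raw, $sep) + 1;
}

/** Return the names of the input sources whose raw pair count exceeds $limit. */
function sources_over_limit(array $rawSources, int $limit): array
{
    $hits = [];
    foreach ($rawSources as $name => [$raw, $sep]) {
        if (count_raw_pairs($raw, $sep) > $limit) {
            $hits[] = $name;
        }
    }
    return $hits;
}

$limit = (int) ini_get('max_input_vars'); // ini_get() returns false if the setting does not exist
if ($limit <= 0) {
    error_log('max_input_vars is unavailable or unset on this PHP build; upgrade PHP');
} else {
    $type = $_SERVER['CONTENT_TYPE'] ?? '';
    $body = stripos($type, 'application/x-www-form-urlencoded') === 0
        ? (string) file_get_contents('php://input')
        : '';
    $hits = sources_over_limit([
        'GET'    => [$_SERVER['QUERY_STRING'] ?? '', '&'],
        'POST'   => [$body, '&'],
        'COOKIE' => [$_SERVER['HTTP_COOKIE'] ?? '', ';'],
    ], $limit);
    if ($hits !== []) {
        error_log(sprintf('request exceeds max_input_vars=%d in %s from %s',
            $limit, implode(',', $hits), $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(400);
        exit;
    }
}
```

Loaded through `auto_prepend_file`, this turns silent truncation into a log line that operations can alert on.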
