News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP.net:
PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)
May 07, 2012 @ 09:03:59

The PHP.net site as new post with some supplemental information for those users of the PHP CGI that might be effected by the recently announced bug, the reason for the most recent release. Unfortunately, this patch only fixes some of the cases of the problem, so they've amended their instructions to included a more effective mod_rewrite rule to help protect your applications.

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.

The rewrite rule is there in the post, ready for copy and pasting into your config. Even if you're running the latest PHP 5.3.12 and 5.4.2., be sure to use this rule as a stop-gap measure for now. Another release is planned for tomorrow to fully correct the CGI flaw.

0 comments voice your opinion now!
cgi flaw bug rewrite rule protect release


blog comments powered by Disqus

Similar Posts

Toomas Romer's Blog: SoC - Next Release Is Out (Eclipse Plugins in Php)

Zend Developer Zone: Zend Framework 1.0.0RC2 Released

Christian Wenz's Blog: WSO2 Web Services Framework (WSF)/PHP v1.0.0 Released

Chuck Burgess' Blog: Next Bug Triage Days for PEAR

Zend Developer Zone: Zend Framework 1.0.4 Stable and 1.5RC1 Released


Community Events





Don't see your event here?
Let us know!


framework zendserver laravel community tips series install list opinion podcast library api package update symfony deployment release introduction language interview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework