PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

PHP-Security.net: New PHP-CGI Exploit (CVE-2012-1823)

Note: This article was originally published at PHPDeveloper on 4 May 2012.
PHPDeveloper

The PHP-Security.net site has two posts related to the recently discovered bug in PHP (hence the new versions) related to the CGI handling in certain server configurations.

In the first they detail more of what the bug is, how it could be exploited and link to the original advisory for the problem. Also included are more details on the issue, including sample avenues of attack.

In the second post they look at the recent PHP release and note that it does not completely rid the language of the problem. They point out that the Rewrite rule that's included in their post (not the one on PHP.net) should be used to prevent this issue from effecting your installations.