Linux Today: Linux News On Internet Time.

Yahoo!/CNET News: Scripting flaw ripe for Web worm

Mar 05, 2002, 02:34 (8 Talkback[s])
(Other stories by Robert Lemos)
"As previously reported by CNET News.com, the flaws occur in server modules using the PHP Web scripting language. PHP originally stood for Personal Homepage, but as the language's functionality increased, the name was changed to PHP: Hypertext Preprocessor to better reflect its general usage. The language is widely used among sites built on open-source software and allows such sites to create Web pages on the fly.

David Dittrich, senior security engineer at the University of Washington, stressed that while the technical nature of the flaws would make creating a worm more difficult, the Net is rife with groups that have the wherewithal and knowledge to pull off the job.

'It's just a matter of time before someone does a worm,' Dittrich said, adding that systems administrators who have Web sites running a flawed version of PHP should patch their version as soon as possible."

Complete Story

Related Stories: