“The Computer Emergency Response Team Coordination
Center (CERT/CC) Wednesday warned of multiple vulnerabilities in
the PHP scripting language which would allow a remote attacker to
execute arbitrary code with the privileges of the PHP process on a
victim’s system.The flaws were discovered and first reported by Stefan Esser of
e-matters, a member of the PHP developer team.PHP is widely used in Web development and can be installed on a
variety of Web servers, including Apache, IIS, Caudium, Netscape
and iPlanet, OmniHTTPd and others. Esser said the vulnerabilities
lie in the php_mime_split function, allowing an attacker to either
execute arbitrary code with the privileges of the Web server or
interrupt normal operations of the Web server.”
internetnews.com: Security Flaws Found in PHP
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis