4th May 2012
Carpetsmoker

This is *only* when using PHP in CGI mode, which is pretty rare nowadays. If you're still using CGI, this is a good time to switch to FastCGI.

Also note it may be that only Apache is affected, from

I took a closer look at the bug report and found that it's not PHP that is vulnerable, but PHP in combination with the webserver (Apache?) used by the bug reporter. When using Hiawatha, you are not vulnerable. Hiawatha does not (of course!!!) add URL parameters to the command line when executing PHP in CGI mode.
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
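An added example, not part of the original post: a log check for requests whose query string a CGI web server would hand to the PHP binary as command-line arguments. It assumes the server follows RFC 3875 section 4.4 (a query string with no unencoded "=" is split on "+" and decoded into argv); the function names, the log lines and the "-x" switch are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not real traffic); "-x" is a placeholder switch.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/May/2012:10:00:01 +0000] "GET /index.php?id=5&page=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/May/2012:10:00:02 +0000] "GET /index.php?-x HTTP/1.1" 200 9001',
    '198.51.100.9 - - [04/May/2012:10:00:03 +0000] "GET /search.php?foo+bar HTTP/1.1" 200 300',
    '198.51.100.9 - - [04/May/2012:10:00:04 +0000] "GET /index.php?%2Dx+value HTTP/1.1" 200 9001',
    '198.51.100.9 - - [04/May/2012:10:00:06 +0000] "GET /index.php?-x%3D1 HTTP/1.1" 200 100',
]

# Pulls the method and request target out of a common-log-format request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv(query):
    """Words an RFC 3875 section 4.4 server would pass as argv, or [] if none."""
    # Only an *unencoded* "=" marks a normal key=value query; "%3D" does not.
    if not query or "=" in query:
        return []
    # The server splits on "+" first and percent-decodes each word afterwards.
    return [unquote(word) for word in query.split("+")]


def suspicious_requests(lines):
    """Return (path, argv) for requests where a decoded word looks like an option."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or "?" not in m.group("target"):
            continue
        path, query = m.group("target").split("?", 1)
        argv = cgi_argv(query)
        # The method is ignored on purpose: flagging too much is the safer error.
        if any(arg.startswith("-") for arg in argv):
            hits.append((path, argv))
    return hits


if __name__ == "__main__":
    for path, argv in suspicious_requests(SAMPLE_LOG):
        print(path, argv)
```

A hit only matters on a host that runs PHP in CGI mode behind a server that builds argv this way; the check matches on the decoded words, so percent-encoded dashes are caught as well.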