This is *only* when using PHP in CGI mode, which is pretty rare nowadays. If you're still using CGI, this is a good time to switch to FastCGI.
Also note it may be that only Apache is affected, from
http://www.hiawatha-webserver.org/weblog/36
Quote:
I took a closer look at the bug report and found that it's not PHP that is vulnerable, but PHP in combination with the webserver (Apache?) used by the bug reporter. When using Hiawatha, you are not vulnerable. Hiawatha does not (of course!!!) add URL parameters to the command line when executing PHP in CGI mode.
|