Thread: Security Critical open hole in PHP creates risks
View Single Post
  #2   (View Single Post)  
Old 4th May 2012
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
  
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default
This is *only* when using PHP in CGI mode, which is pretty rare nowadays. If you're still using CGI, this is a good time to switch to FastCGI.

Also note it may be that only Apache is affected, from http://www.hiawatha-webserver.org/weblog/36

Quote:
I took a closer look at the bug report and found that it's not PHP that is vulnerable, but PHP in combination with the webserver (Apache?) used by the bug reporter. When using Hiawatha, you are not vulnerable. Hiawatha does not (of course!!!) add URL parameters to the command line when executing PHP in CGI mode.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote