PHP Remote Exploit -- Information and Hotfix
- January 05, 2011
A critical vulnerability in the PHP engine has been identified on January 3, 2011. This exploit is significant because most PHP applications on impacted systems can become remotely exploitable to a very simple denial of service attack. Zend has released a security hotfix to address this vulnerability (see below).
Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser. (See here for more information.)
This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.
|Linux (using 32-bit PHP build)
|Linux (using 64-bit PHP build)
Zend Server and Zend Server CE users should immediately apply the security hotfix.
Hotfixes for Zend Core and Zend Server CE tarball installer are currently being finalized and will be made available soon.
PHP user who isn't using Zend Server?
See PHP.net for more information, or switch to the free Zend Server CE with the hotfix mentioned above.
This content is syndicated. Click here to read the original content on Zend