"Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser.I'm merely being the information inspector here - source being a Zend newsletter.
This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds."
Wednesday, January 12, 2011
Fix your PHP!
The exclamation should be taken to its intended effect. A critical PHP vulnerability was identified in the PHP engine (PHP 5.3.4) - which allows an easy, creative, orchestrated DDoS attack. This affects both Windows and Linux. VERY SERIOUS.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment