Wednesday, January 12, 2011

Fix your PHP!

The exclamation should be taken to its intended effect. A critical PHP vulnerability was identified in the PHP engine (PHP 5.3.4) - which allows an easy, creative, orchestrated DDoS attack. This affects both Windows and Linux. VERY SERIOUS.
"Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser.
This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds."
I'm merely being the information inspector here - source being a Zend newsletter.

No comments: