PHP exploit - any recommendations to block?

http://www.securityweek.com/official-fix-php-flaw-easily-bypassed-researchers-say

Not pretty. Not pretty at all.

  • aecnu
    • WP Unicorn

    Greetings David,

    Thank you for letting us know about this exploit, or at least letting the other members know, though most will not have hosting that this will make a difference on - meaning they cannot change the PHP configuration.

    On my servers I run them under suPHP and suEXEC, which certainly makes them immune from this specific threat. This threat is also related to a specific configuration, and I quote:
    When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed ....

    The fix is simple: do not configure your server with the Apache mod_cgid for PHP, more commonly known as plain old "CGI mode".

    Cheers, Joe
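
A way to check a server for the "CGI mode" setup the reply above warns against, as an added example that is not part of the original thread. It assumes the Apache configuration is available as one text blob (it does not follow `Include` lines or detect a statically compiled CGI module), and the sample configs, handler names and paths are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): PHP wired to the CGI binary.
SAMPLE_CGI = """\
LoadModule cgid_module modules/mod_cgid.so
ScriptAlias /local-bin/ /usr/lib/cgi-bin/
# Action php-old /old/php-cgi
AddHandler php-script .php
Action php-script /local-bin/php-cgi
"""

# Constructed sample config: PHP handed to a FastCGI backend instead of CGI.
SAMPLE_FPM = """\
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
<FilesMatch "\\.php$">
    SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
"""

CGI_MODULES = {"cgi_module", "cgid_module"}
# Matches Action targets such as /cgi-bin/php, /cgi-bin/php5-cgi, /local-bin/php-cgi
PHP_CGI_BINARY = re.compile(r"/php[\d.]*(-cgi)?[\d.]*$", re.IGNORECASE)

def directives(conf_text):
    """Yield (name, args) per active directive, skipping comments and section tags."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split()
        yield parts[0].lower(), parts[1:]

def audit_php_cgi(conf_text):
    """Return (cgi_module_loaded, actions that route a handler to a PHP CGI binary)."""
    cgi_loaded, actions = False, []
    for name, args in directives(conf_text):
        if name == "loadmodule" and args and args[0] in CGI_MODULES:
            cgi_loaded = True
        elif (name == "action" and len(args) >= 2
              and PHP_CGI_BINARY.search(args[1].strip('"'))):
            actions.append(f"Action {args[0]} -> {args[1]}")
    return cgi_loaded, actions

if __name__ == "__main__":
    for label, conf in (("cgi", SAMPLE_CGI), ("fpm", SAMPLE_FPM)):
        print(label, audit_php_cgi(conf))
```

A result with the CGI module loaded and a non-empty action list means PHP requests are being handed to the CGI binary, which is the configuration to move away from.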
