Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	First iPhone worm spreads Rick Astley wallpaper
•	Four reasons to buy (and one reason to avoid) the Droid
•	Stimulus for tech and telecom $3B, but jobs still guesswork
•	Cisco MARS shuts out new third-party security devices
•	Verizon Droid buzz muted in Boston
•	Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
•	Cloud computing, virtualization proponents getting antsy
•	Data center start-up offers energy saving software
•
•	Vendors scrambling to fix bug in Net's security
•	Judge dismisses lawsuit challenging Gartner's Magic Quadrant
•	Boston Celtics clamp down on spam
•	Cloud computing inevitable? Not so fast, educator says
•	Blue Coat slashes staff, buys S7 services company
•	Apple seeks new sheriff to lock up iPhones
•	More breaking news

Security /

PHP holes leave Web servers open to attack

By Laura Rohde
IDG News Service, 02/28/02

Hackers could exploit vulnerabilities in the open source scripting language PHP to execute arbitrary code on Web servers running PHP, security experts said on Wednesday.

PHP is a server-side scripting language often used by Web programmers to dynamically create HTML pages.

Vulnerabilities in code used to upload files to the server from a user's PC via a Web page could allow an intruder to execute arbitrary code with the privileges of the PHP process or to interrupt normal operations of the Web server, the Computer Emergency Response Team (CERT) said in an advisory. PHP can be installed on Web servers such as Apache, IIS, Caudium, iPlanet and OmniHTTPd, CERT said.

According to a warning posted by Stefan Esser of the German Web-design and security company e-matters, he and his team found several flaws in the "php_mime_split" function used by PHP to handle multipart/form-data POST requests.

CERT recommends that users upgrade to the newest version, PHP 4.1.2, or apply patches to older versions.

PHP is an open source project of the Apache Software Foundation, which also issued a warning and patches for the software at its PHP support site.

PHP is included with many distributions of the Linux open-source operating system. Linux developers Red Hat and MandrakeSoft have been made aware of the holes in PHP and are working to eradicate the problems as well as offer patches for their customers, CERT said.

The IDG News Service is a Network World affiliate.

RELATED LINKS

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.