Nasty remote hole in PHP

Frank Neugebauer writes “PHP is a widely-used general-purpose scripting language that is especially suited
for Web development and can be embedded into HTML.

According to Security Space PHP is the most popular Apache module and is installed
on about 50% of all Apaches worldwide. This figure includes of course only those
servers that are not configured with expose_php=Off.

During a reaudit of the memory_limit problematic it was discovered that it
is possible for a remote attacker to trigger the memory_limit request termination
in places where an interruption is unsafe. This can be abused to execute arbitrary
code on remote PHP servers.”

Link: security.e-matters.de