
PHP CGI Vulnerability May Compromise Your Website

May 09, 2012

In response to two known website vulnerabilities, one of which is being actively exploited by hackers, the PHP Group yesterday released PHP 5.4.3 and PHP 5.3.13. The releases complete the fix for a vulnerability in CGI-based setups (CVE-2012-2311).

Although this issue has been known since last week, the initial patches were ineffective, and the manual workaround the PHP developers suggested when releasing the emergency updates was easy to bypass as well. The situation only got worse once the hackers joined in the fun...

The PHP Group has release notes available here, along with the PHP 5.4.3 and PHP 5.3.13 patches.

After the first round of patches failed, monitoring and security firms such as Sucuri reported that hackers had begun actively exploiting the vulnerability. The attackers first send a malicious query containing the "-s" php-cgi flag to test whether a targeted website is vulnerable, then install a backdoor through a query carrying the "-d" flag. These attacks were ongoing while PHP was still working to correct the problem.
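As an added example (not part of the original post), the script below reproduces the CGI rule that turns a query string without an unencoded "=" into php-cgi command-line arguments, and flags access-log requests where that would hand php-cgi an option such as "-s" or "-d". The log lines and IP addresses are constructed for the example; the "%2d" case shows why the first encoding-unaware filters failed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [09/May/2012:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/May/2012:10:01:09 +0000] "GET /index.php?-s HTTP/1.1" 200 2210 "-" "curl/7.21"
203.0.113.7 - - [09/May/2012:10:01:15 +0000] "POST /index.php?%2dd+display_errors%3D1 HTTP/1.1" 200 180 "-" "curl/7.21"
203.0.113.9 - - [09/May/2012:10:02:00 +0000] "GET /search.php?q=-s HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def php_cgi_argv(target: str):
    """Return the argv list php-cgi would receive for this request target,
    or None when the query string is passed as QUERY_STRING only.

    Per RFC 3875 a CGI wrapper passes the query string as command-line
    arguments only when it contains no unencoded '='; the string is then
    split on '+' and each part is URL-decoded. That decoding step is why
    '%2d' reached php-cgi as '-' and defeated the first filters."""
    if "?" not in target:
        return None
    query = target.split("?", 1)[1]
    if query == "" or "=" in query:
        return None
    return [unquote(part) for part in query.split("+")]

def suspicious_flags(target: str):
    """Decoded argv entries that php-cgi would treat as options (leading '-')."""
    argv = php_cgi_argv(target)
    if argv is None:
        return []
    return [arg for arg in argv if arg.startswith("-")]

def scan_log(text: str):
    """Return (client_ip, target, flags) for requests that would hand php-cgi options."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        flags = suspicious_flags(m.group("target"))
        if flags:
            hits.append((line.split(" ", 1)[0], m.group("target"), flags))
    return hits

if __name__ == "__main__":
    for ip, target, flags in scan_log(SAMPLE_LOG):
        print(f"{ip} {target} -> php-cgi options {flags}")
```

A request such as "/search.php?q=-s" is not flagged because the unencoded "=" keeps the whole string in QUERY_STRING, which is exactly the distinction a filter on the literal "-" misses.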

Megaplan-IT recommends that all web and server admins who run PHP through php-cgi immediately update to the new PHP 5.4.3 or PHP 5.3.13. An alternative fix is to change your setup so that PHP runs as the Apache module (mod_php) or through FastCGI, both of which are unaffected.
