RealNews

Hole in PHP Could Give Attacker Server Control

A security hole in the Hypertext Preprocessor (PHP) scripting language used on many Web servers could allow an attacker to execute code on affected systems or even take control of them, according to a security alert released today by The PHP Group. The vulnerability affects PHP 4.2.0 and 4.2.1 and comes as a result of a flaw in the HTTP POST parser component of PHP. The HTTP POST parser is used to differentiate between files and variables sent by users to a Web server through Web forms, according to the alert. Insufficient checking in the parser could allow an attacker to crash the server, execute code or possibly take control of the system, the group said. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.