Critical Security Flaw Found in PHP

A flaw recently found in PHP, and released to the public by mistake, can allow malicious code to be inserted into any page on an exposed server. The vulnerability, which affects only servers running PHP in CGI mode, was discovered by a team of hackers during a competition.
The essence of the flaw is that PHP command-line parameters can be passed directly through the URL. For example, when the address http://localhost/index.php?-s is requested, the server executes PHP with the -s parameter, which displays the file's source code rather than the HTML generated by it. That alone would be enough of a problem (after all, it is common to put data such as database passwords in the source code), but the team that discovered the flaw also realized that it allows malicious code to be inserted into the file and run.
Findings of this type are usually sent to the developers first, so that they can solve the problem and release an update, and only then is the flaw, along with its fix, announced by the media. In this case, through human error, the bug was accidentally marked "public" in the PHP bug system.
Although the development team has already released a patch, there are reports that it does not completely solve the problem. The ideal is to run PHP in a mode other than CGI (the flaw does not occur in FastCGI mode) or to add a rule to the .htaccess file so that Apache blocks URLs with "-", thus preventing PHP parameters from being passed. The rule is the one below:
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
RewriteRule ^(.*) $1? [L]
A new update is due out soon, with a more effective fix. Until then, great care is needed.
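The pattern in the RewriteCond above can also be applied to existing access logs to find requests the rule would have caught. The following Python code is an added example, not part of the original article; the log layout (Apache common log format) and the sample entries are assumptions constructed for illustration.

```python
import re

# Same pattern as the RewriteCond on this page; [NC] maps to re.IGNORECASE.
# Apache matches %{QUERY_STRING} before URL-decoding, hence the %2d alternative.
SWITCH_QUERY = re.compile(r"^(%2d|-)[^=]+$", re.IGNORECASE)

# Request line inside a common/combined log entry: "METHOD target PROTOCOL"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def query_looks_like_switch(query: str) -> bool:
    """True when the raw query string would be caught by the page's rule."""
    return SWITCH_QUERY.match(query) is not None


def suspicious_requests(log_lines):
    """Yield (client, target) for entries whose query string matches the rule."""
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue  # malformed or non-HTTP entry, nothing to inspect
        _path, sep, query = m.group("target").partition("?")
        if sep and query_looks_like_switch(query):
            yield line.split(" ", 1)[0], m.group("target")


# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?id=5 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /search.php?q=a-b HTTP/1.1" 200 901',
    '203.0.113.4 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested {target}")
```

A hit on a server that ran PHP in CGI mode before the rule or patch was in place means the page's source code may have been served to that client, so any credentials stored in that file should be rotated.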
 
