Skip navigation


warning: Creating default object from empty value in /var/www/vhosts/ on line 33.

wiredmikey writes "On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. 'When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution,' a CERT explains. PHP developers pushed a fix for the flaw, resulting in the release of PHP 5.3.12 and 5.4.2, but as it turns out it didn't actually remove the vulnerability."

Share on Google+

Read more of this story at Slashdot.

Your rating: None

The Apache Software Foundation has announced the release of version 2.4 of its namesake Apache HTTP Server. The new version is the first major release for Apache since 2005. During that time several new servers, including the increasingly popular Nginx server, have emerged to challenge Apache’s dominance. However, while Nginx may have surpassed Microsoft IIS to become the second most used server on the web, it still trails well behind Apache, which powers nearly 400 million web sites.

To upgrade your servers to the latest release, head over to the Apache HTTP Server Project and download a copy of Apache 2.4.

Much of the focus in Apache 2.4 is on performance. The Apache Software Foundation blog touts reduced memory usage and better concurrency among the improvements in this release. Apache 2.4 also offers better support for asynchronous read/write operations and much more powerful Multi-Processing Module (MPM) support. Multiple MPMs can now be built as loadable modules at compile time and the MPM of choice can be configured at run time, making Apache 2.4 considerably more flexible than its predecessors.

There have also been numerous updates for Apache’s various modules, as well as a host of new modules that are available with this release — including mod_proxy_fcgi, a FastCGI protocol backend for mod_proxy.

For a complete rundown of everything that’s new in Apache 2.4, be sure to check out the documentation.

Your rating: None