It seems that the official PHP patch doesn't work. What about WebFaction's own patch? Are WebFaction servers (php-cgi) safe now?

Eindbazen source:

  • The new PHP versions as well as the official php patch contain a bug which makes the fix trivial to bypass. Use our mitigations for now.
  • New versions of PHP which incorporate this revised fix will be released soon. The issue that the bug was not initially properly fixed is being tracked as CVE-2012-2311.

asked May 04 '12 at 05:09

wallypally
12

edited May 04 '12 at 05:10


Hi,

We've already deployed our own patch (wrapper that strips the extra arguments). Our servers are safe.

answered May 04 '12 at 05:29

todork
10964

Thanks for your reply.

(May 04 '12 at 06:00) wallypally
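
A sketch of the kind of wrapper the answer above describes, added here as an illustration; it is not WebFaction's actual wrapper. The `REAL_PHP_CGI` path, the wrapper file names and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not WebFaction's wrapper. Installed in place of php-cgi,
# with the real binary moved aside. REAL_PHP_CGI is a hypothetical path.
REAL_PHP_CGI="${REAL_PHP_CGI:-/usr/local/bin/php-cgi.real}"

# True when a web server started this process as a CGI (RFC 3875 variables set).
is_cgi_request() {
    [ -n "${GATEWAY_INTERFACE:-}" ] || [ -n "${REQUEST_METHOD:-}" ]
}

# Print how many of the given arguments would be forwarded to php-cgi.
# Under CGI the answer is always 0: a query string without an unencoded "="
# reaches the CGI program as command-line arguments, and php-cgi must never
# see those. PHP still reads the request from QUERY_STRING, so normal
# requests are unaffected.
forwarded_argc() {
    if is_cgi_request; then
        echo 0
    else
        echo "$#"
    fi
}

run_wrapper() {
    if [ "$(forwarded_argc "$@")" -eq 0 ]; then
        # Log only the count, never the attacker-controlled values.
        [ "$#" -eq 0 ] || echo "php-cgi wrapper: dropped $# argument(s)" >&2
        exec "$REAL_PHP_CGI"
    fi
    # Not a CGI request (e.g. run by hand from a shell): pass arguments through.
    exec "$REAL_PHP_CGI" "$@"
}

# Execute only when invoked under the wrapper's own name (assumed names),
# so the functions can be sourced and checked without running php-cgi.
case "${0##*/}" in
    php-cgi|php.cgi) run_wrapper "$@" ;;
esac
```

The stderr line normally ends up in the web server's error log, so dropped arguments also serve as a signal that someone is probing for the php-cgi issue.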
Asked: May 04 '12 at 05:09

Seen: 816 times

Last updated: May 04 '12 at 06:00

© Copyright 2003-2012 Swarma Limited - WebFaction is a service of Swarma Limited