On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote: > The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on > configuration) that implements an HTML-embedded script language. A > vulnerability in PHP can be used to cause a denial of service in some cases. [cut] > Exploit: http://www.murphy.101main.net/php-apache.c > this does not apply when the php interpreter is dynamically loaded by apache using the DSO interface (or whatever dynamic loading interface of whatever web server). and afaik this is a more common approach when dealing with unix web servers. best regards, vjt -- pub 1024D/5201DC33 2002-01-24 vjt <vjt@users.sf.net> Key fingerprint = C80A DC06 E81C 4613 236B 833F C2C6 009F 5201 DC33 http://bahamut-inet6.sourceforge.net/vjt.asc
Attachment:
pgp00176.pgp
Description: PGP signature
