Mitigation of following PHP vulnerability
Posted: Thu Feb 04, 2010 5:30 am
Hi,
I am being pushed hard by corporate because the instance of PHP we run is 5.2.9 and there are reported security concerns for anything below 5.2.12. I have justified our instance is secure in the majority of security fixes that have been done since 5.2.9 but I am left with this one:
http://web.nvd.nist.gov/view/vuln/detai ... -2009-4143
To be quite frank I am confused as to what exactly the vulnerability is and what steps need to be taken or what measures need to be in place to mitigate the risk from this?
Could someone who may know more about this than I please offer advice as to steps to mitigate or define a scenario where this is not a problem? I'm failing to understand what the problem actually is, perhaps I am missing the obvious...
Thanks for any help.
Regards
Jim