RSS Feed
News
Jan
7
Critical issue is fixed in PHP 5.3.5 and 5.2.17 (32-bit systems)
Posted by Esvon Support on 07 January 2011 05:36 PM
Hi there,

Referring to: http://bugs.php.net/53632

PHP 5.3.5 and 5.2.17 were released quickly to address critical bug discovered on 30/12/2010, looks like the earlier PHP versions on 32-bit systems are vulnerable to simple Denial of Service attack by remote user which will bring your server to its knees (exhaust server's CPU resources).

Solution: install patch or the latest PHP version (we recommend 5.2.17 for compatibility's sake).

As the temporary solution you can use the following mod_security rule:
SecRule QUERY_STRING "\d+e\-\d+" "phase:2,deny,status:403"

Sincere wishes
to 100% uptime of your websites

------
The Esvon Team

Comments (0)
Help Desk Software by Kayako Fusion