1 |
There is an XSS vulnerability in PHP that affects some stable webapps. |
2 |
Details can be found here: |
3 |
http://www.php-security.org/MOPB/MOPB-08-2007.html |
4 |
|
5 |
I know this affects phpWebSite since there is a phpinfo file in setup. |
6 |
This will be removed upstream. All other apps need checked as well. I'm |
7 |
running PHP Version 5.1.6-pl6-gentoo on my laptop right now and the XSS |
8 |
attack works quite well. Not sure who maintains anything with regard to |
9 |
webapps nowadays. I've come up with no response to several inquiries. |
10 |
Figured everyone on the list would like to secure their servers in the |
11 |
meanwhile. |
12 |
|
13 |
Wendall |
14 |
|
15 |
-- |
16 |
Only wimps use tape backup: _real_ men just upload their important stuff |
17 |
on ftp, and let the rest of the world mirror it ;) |
18 |
-- Linus Torvalds |