Tweet
There is a PHP-CGI bug that allows for remote code execution. It affects up to and including the current release of the 5 branch. PHP 5.3.12 and 5.4.2 were released to patch the bug.
We just got wind of this an hour or so ago and have been mitigating this bug on all of our web servers running PHP in the event someone uses mod_cgi for PHP.
Also, if you have your own hosted domain, odds are that you are vulnerable if it allows php-cgi. There is a method to mitigate the bug on your domain's virtual host even if you don't have root access on your web server.
We just got wind of this an hour or so ago and have been mitigating this bug on all of our web servers running PHP in the event someone uses mod_cgi for PHP.
Also, if you have your own hosted domain, odds are that you are vulnerable if it allows php-cgi. There is a method to mitigate the bug on your domain's virtual host even if you don't have root access on your web server.
