Unpatched servers still enabling exploitation of PHP vulnerability

A PHP vulnerability originally disclosed in March 2012 – and revised in October 2013 after a hacker found an easier way to take advantage of the exploit – is still impacting users after all these years, according to researchers with Imperva.

The reason why is simple: people are not patching the vulnerability, Barry Shteiman, director of security strategy with Imperva, told SCMagazine.com on Wednesday.

More than 80 percent of all websites on the internet are written in PHP, the server-side scripting and general-purpose programming language, he said, adding that about 16 percent of those sites are vulnerable to the exploit.

About 244 million websites use PHP, according to usage stats provided by Netcraft for January 2013.

“The vulnerability enables a remote attacker to execute arbitrary commands on a web server with PHP versions 5.4.x, 5.3.x before 5.4.2 or 5.3.12,” according to an Imperva advisory posted on Tuesday. “The simple, straightforward explanation is…
