Scripting flaw threatens Web servers
A flaw found in newer versions of the PHP Web server scripting language could allow attackers to crash, and in some cases control, computers over the Internet, an open-source developer group announced Monday. The vulnerability affects versions 4.2.0 and 4.2.1 of PHP, according to the PHP Group. The flaw occurs because of a problem in the way PHP handles the memory allocated for data recovered from customer forms on Web pages. Such data is known as POST data, after the HTTP command name, and could be formatted by an attacker in a way to compromise the Web server.
The link for this article located at CNET is no longer available.