A flaw in the common open-source scripting language PHP could allow attackers to crash or compromise a hefty fraction of the nine million servers running the open-source Web software Apache, as well as other Web servers. A member of the PHP engineering team warned Web developers of the software flaws in an advisory on Wednesday, but security experts believe that while some in the Internet underground have tools to exploit the flaw, few people have the resources.. . .

A flaw in the common open-source scripting language PHP could allow attackers to crash or compromise a hefty fraction of the nine million servers running the open-source Web software Apache, as well as other Web servers. A member of the PHP engineering team warned Web developers of the software flaws in an advisory on Wednesday, but security experts believe that while some in the Internet underground have tools to exploit the flaw, few people have the resources.

"It is not really easy to execute," said Johannes Ullrich, chief technology officer for the SANS (System Administration, Networking, and Security) Internet Storm Center, who obtained a program file that illustrates the vulnerability.

A handful of holes appear in different versions of PHP, a scripting language that can be installed on many different Web servers--including Apache, Microsoft's Internet Information Server and iPlanet--allowing them to create Web pages on the fly from a database of information.

The link for this article located at ZDNet is no longer available.