PHP protocol hit again by security flaw

Another critical security flaw has been found in the PHP web service protocol, which could allow remote attackers to take control of servers.

The flaw has been found in the XML-RPC for PHP and PEAR XML_RPC libraries, after similar flaws were found earlier this summer.

XML-based Remote Procedure Call (RPC) systems are used with the HTTP protocol to power web services, and the affected libraries support applications such as content management and blogs.

Download this free guide

Enhancing digital customer engagement with CRM

Learn about customer relationship management has evolved towards engaging with customers through every channel, with digital at the forefront.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Various suppliers that use the affected libraries have already issued fixes to the flaw.

More details on the problem and information on patches are available here:

http://www.hardened-php.net/advisory_142005.66.html