Skip to content

PHP-CGI Exploit is in the wild. Get protected ASAP.

The vulnerability that sat undetected for 7 years was disclosed last week, but today it has been announced that exploits have been seen in the wild.  They are working on releasing a new patch. This is pretty bad as it’s not exploiting one particular web application, rather, it is exploiting web servers running PHP in general.

The quick fix is to add this to the .htaccess file on your website(s):

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|- [NC]
RewriteRule .? – [F,L]

Unless you have compiled PHP from source on your web server, you will need to wait for your vendor (Cpanel, WHM, RedHat, CentOS, etc) to release the updated version. I suggest you implement the above .htaccess fix in the meantime.


Edit 5/9/12 12:19PM Eastern:

Most cPanel configurations are protected by default:

Published inRedHatSecurity

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *