Read more articles in Cenzic SmartAttack Updates for Web Vulnerabilities
|
 |
| January 16, 2009 | | PHP Buffer Overflow Vulnerability is now supported in the Cenzic Web Server SmartAttack | On January 16, 2009, Cenzic now protects against the PHP ‘popen()’ Function Buffer Overflow Vulnerability (BugtraqID ID 33216). PHP is prone to a Buffer Overflow Vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. An attacker can exploit this issue to execute arbitrary machine code in the context of the affected Web server. Failed exploit attempts will likely crash the Web server, denying service to legitimate users.
PHP 5.2.8 and prior versions are vulnerable. Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customer’s Websites to detect their security posture. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by
Erin Swanson
Eswanson@cenzic.com | | |
|
|
