February 13, 2009

The PHP Safe Mode Restriction-Bypass Vulnerability is now supported in the Cenzic Web Server SmartAttack

As of February 13, 2009, Cenzic protects against the PHP 'safe_mode' restriction-bypass vulnerability (Bugtraq ID 32383). PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits allow an attacker to write files in unauthorized locations. This is an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other. PHP version 5.2.6 is affected.

Background on Cenzic’s SmartAttacks

Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers’ websites to assess their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson, Eswanson@cenzic.com