Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: PHP < 5.2.3 glob() denial of service
Sep 05 2007 11:05PM
Jonathan Yu (jonathan i yu gmail com)
I haven't used PHP in a long while and I am by no means an expert.
I think that this type of attack is mitigated by the fact that PHP
doesn't support threading (more accurately, PHP modules don't support
threading) - it isn't thread-safe. Thus, if you are running PHP as CGI
or even a mod...
[ more ]
Copyright 2010, SecurityFocus