Re: PHP52 vulnerability

2011-03-03 Thread Xin LI
Hi,
On Thu, Mar 3, 2011 at 12:09 PM, Andrea Venturoli wrote:
> Hello.
>
> As you probably know, it looks like php52 is vulnerable:
>
> Affected package: php52-5.2.17
> Type of problem: php -- NULL byte poisoning.
> Reference:
> http://portaudit.FreeBSD.org/3761df02-0f9c-11e0-becc-0022156e8794.htm

Re: PHP52 vulnerability

2011-03-03 Thread Michael Scheidell
I question the vulnerability. I don't think it applies. The alert is from 2006, and there isn't a POC I have tested against php52-5.2.17 with nulls in it that seems to trigger anything but 404 errors. (Please don't try on ours... this is not a challenge. But if you have a POC, let me know an

PHP52 vulnerability

2011-03-03 Thread Andrea Venturoli
Hello.
As you probably know, it looks like php52 is vulnerable:
Affected package: php52-5.2.17
Type of problem: php -- NULL byte poisoning.
Reference: http://portaudit.FreeBSD.org/3761df02-0f9c-11e0-becc-0022156e8794.html
Is there any news on the horizon? Will a new version be released and/or