PHP-CGI remote code execution bug

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

PHP-CGI remote code execution bug

Berg, Leandros van den [FGSBV]
Hi Everyone,

Does anybody know to what extent the PHP-CGI remote code execution bug
found by Eindbazen
(http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/), which is
not solved by the latest PHP update
(http://www.php.net/archive/2012.php#id2012-05-06-1), affects MapGuide
Open Source 2.2?

Kind regards,

Leandros
_______________________________________________
mapguide-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: PHP-CGI remote code execution bug

Jackie Ng
The PHP bundled with MGOS 2.2 uses ISAPI and Apache modules for IIS and Apache respectively.

However, it does look like IIS configuration for MGOS 2.4 is affected by this.

- Jackie