News

PHP 4.1.2 Windows (Win32)

w4z004  13-Mar-2002 15:57 5694 Reads   No comments 
With this new release, we introduce 2 new php.ini settings, which MUST be set to make the binary work. It's worth noting, at this point, that this particular fix only applies to the CGI binary. The SAPI module will still work as expected, and it's use is encouraged.

The new settings are:

cgi.force_redirect 0|1
cgi.redirect_status_env ENV_VAR_NAME

WebServers affected by this vulnerability
It is known that Apache (any version) and iPlanet servers are vulnerable to this issue, however Microsoft IIS is not. Since cgi.force_redirect takes a value of either 1 or 0, (on or off) you should set it to 1 if you are running Apache or iPlanet servers, and to 0 for IIS. If you are unsure of which you need, set it to 1 and see if your scripts execute. You will need to stop and restart your server when you change your php.ini file, for the changes to have effect.

if cgi.force_redirect is turned on, and you are not running under Apache or Netscape (iPlanet) web servers, you MAY need to set an environment variable name that PHP will look for to know it is OK to continue execution. Setting this variable MAY cause security issues, so check what you are doing first.

More information can be found here relating to the form upload exploit that caused the release of 4.1.2 initially.


Downloads:

PHP 4.1.2 zip package [5,824Kb] - 12 March 2002
(CGI binary (with security fixes) plus server API versions for Apache, AOLserver, ISAPI and NSAPI. MySQL support built-in, many extensions included, packaged as zip)

PHP 4.1.2 installer [920Kb] - 12 March 2002
(CGI only (with fixes), MySQL support built-in, packaged as Windows installer to install and configure PHP, and automatically configure IIS, PWS and Xitami, with manual configuration for other servers. N.B. no external extensions included)


Rating 0/5
Rating: 0/5 (0 votes)
Voting is disabled!


Login

Who's Online

317 user(s) are online (96 user(s) are browsing Publisher)


Members: 0


Guests: 317


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories