May 08, 2012

How to patch PHP CGI vulnerability

Fix for people not willing to quit using PHP running under CGI mode on old servers:
Use the following Apache directive in a .htaccess file.
RewriteCond %{QUERY_STRING} ^(%2d |-)[^=]+$ [NC] 
RewriteRule ^(.*) $1? [L]

No comments:

Post a Comment