ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pannese_Don...@emc.com
Subject XML-RPC security question and Apache implementation
Date Tue, 02 May 2006 19:23:11 GMT

Hello,

Is the Apache implementation of XML-RPC patched in terms of the eval()
security hole?

Here is what I have read at the following site
http://www.us-cert.gov/cas/bulletins/SB05-271.html
<http://www.us-cert.gov/cas/bulletins/SB05-271.html> 

"A vulnerability has been reported in XML-RPC due to insufficient
sanitization of certain XML tags that are nested in parsed documents being
used in an 'eval()' call, which could let a remote malicious user execute
arbitrary PHP code."

TIA,
-Don


Mime
View raw message