If you are running php-cgi, there is a major vulnerability that will allow attackers to view and run PHP source code on your site.
Resources on the vulnerability:
http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- Many nginx setups use php-cgi, so it is critical to patch PHP to the latest version or apply the recommended fixes through Apache Rewrite.
- mod_php and php-fpm systems are not vulnerable to this attack. Most Apache web server setups use the mod_php method for PHP.
If you are running an older version of PHP and cannot update to 5.3, you can try using Apache rewrite rules. Here’s what the PHP site recommends:
One way to address these CGI issues is to reject the request if the query string contains a ‘-’ and no ‘=’. It can be done using Apache’s mod_rewrite like this:
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
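As an added example (not part of the original post or of PHP’s recommendation), the same two rewrite conditions expressed as a Python check, then run over constructed Apache access-log lines to find requests the rule would have rejected; the IPs, paths and query values are made up.

```python
import re
from urllib.parse import urlsplit

# Mirrors the mod_rewrite conditions: reject when the raw (undecoded) query
# string contains no '=' and contains '-' literally or as %2d/%2D ([NC]).
_DASH = re.compile(r"%2d|-", re.IGNORECASE)


def is_blocked_query(query_string: str) -> bool:
    """True if the rewrite rule above would answer this query string with a 403."""
    if "=" in query_string:
        return False
    return _DASH.search(query_string) is not None


# Apache combined log format; only the request target is needed here.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def flag_log_lines(lines):
    """Yield (client_ip, request_target) for requests the rule would have blocked."""
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        # urlsplit keeps the query string percent-encoded, like Apache's QUERY_STRING.
        query = urlsplit(m.group("target")).query
        if is_blocked_query(query):
            yield m.group("ip"), m.group("target")


# Constructed sample log lines (not real traffic). The last one is a harmless
# hyphenated query with no '=' that the coarse rule also rejects.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2012:10:00:01 +0000] "GET /index.php?-foo HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/May/2012:10:00:02 +0000] "GET /index.php?%2Dfoo HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/May/2012:10:00:03 +0000] "GET /index.php?page=about-us HTTP/1.1" 200 2048',
    '198.51.100.7 - - [08/May/2012:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [08/May/2012:10:00:05 +0000] "GET /index.php?about-us HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, target in flag_log_lines(SAMPLE_LOG):
        print(f"would be blocked: {ip} {target}")
```

Running the check over old logs shows both past probing and which legitimate equals-free hyphenated URLs on the site the rule would break, so those can be reviewed before deploying it.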
There is also a PHP buffer overflow vulnerability in 5.4 that is addressed in the patch. http://www.php.net/archive/2012.php#id2012-05-08-1