If you are running php-cgi, there is a major vulnerability that will allow attackers to view and run PHP source code on your site.
Resources on the vulnerability:
http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- Many nginx setups use php-cgi, so it is critical to patch PHP to the latest version or apply the recommended fixes through Apache Rewrite.
- Mod_php and php-fpm systems are not vulnerable to this attack. Most Apache web server setups use the mod_php method for PHP.