From: George B. <gbr...@co...> - 2005-07-23 01:53:07
I just received the following message from my webhost. Apparently (check http://www.securityfocus.com/bid/14088) all recent versions of phpWebSite up to 0.10.1 are vulnerable. Should I be concerned? If so, are any changes anticipated to deal with this problem?

George

Begin forwarded message:

From: su...@on...
Date: July 22, 2005 8:19:50 PM EDT
To: gbr...@lu...
Cc: gbr...@co...
Subject: Security Notice
Reply-To: su...@on...

Dear George Brackett,

Recently, a vulnerability associated with XML-RPC for PHP was discovered and reported to the security information community. The XML-RPC library is used in various content management systems. There is a possibility that a security hole can be introduced through this vulnerability whereby an attacker could execute arbitrary commands as the www user. Among other things, such an attack could lead to unauthorized access to your web files.

Most of our customers are not affected by this vulnerability (98% are not at risk), but to be sure you should review the list and link below to see if you are using any of the software mentioned. A partial list includes:

(1) WordPress
(2) Serendipity
(3) Drupal
(4) egroupware
(5) MailWatch
(6) TikiWiki
(7) phpWebSite
(8) Ampache

To see a full list of vulnerable software please view this link: http://www.securityfocus.com/bid/14088

The only way to fix vulnerable software is to contact the vendor/provider and check for the availability of a security patch or an upgrade. If you use a content management system that is NOT listed in the report, you are strongly encouraged to contact the vendor/provider to confirm the integrity and safety of the application.

We are working toward a global fix for this vulnerability, but in the meantime we urge you to follow the steps above.

Sincerely,
Support Team, One World Hosting