According to https://access.redhat.com/articles/1200223, mod_php is not vulnerab... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		peterhu on Sept 25, 2014 \| parent \| context \| favorite \| on: Bash 'shellshock' scan of the Internet According to https://access.redhat.com/articles/1200223, mod_php is not vulnerable.

agwa on Sept 25, 2014 [–]

You're right; thanks! I saw the HTTP_* variables in phpinfo() and assumed they'd be passed on to children through system(), but they actually aren't. In fact the only environment variables passed through look pretty innocuous.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact