There is now an unofficial patch out for the wmf flaw but it is currently unavailable. More details at F-Secure’s blog. SANS has a mirrored link of the patch as the original authors website is unavailable, probably because everyone is hitting his site. However, google’s cache of the page that talks about the flaw is available and worth looking at. I’m posting the details into my extended entry in case the google page gets wiped.
Month: January 2006
I was moving a test site to a live site this morning and in doing so added a couple of redirect lines to the htaccess file/ mod rewrite installation to try and move any broken links to the main index.php page. Unfortunately this has somehow broken the website and now every single page ends up with a 302 which firefox displays as “Firefox has detected that the server is redirecting the request for this address in a way that will never complete.”
I’ve removed all the redirections that I can find but for some reason the website is still running the redirection as valid test html pages still get redirected to the php page and then the 302. I think I am going to have to wait until the webservice is restarted but I’ve logged a ticket in the meantime.