The PHP development team addressed CVE-2011-4885 in PHP 5.3.9, which was released on Jan. 10. “The fix for the Hash Collision DoS introduced a new directive (max_input_vars) ...

PHP 5.3.9 along with any older versions for which the hash collision DoS patch was backported, are affected, Eiram said.

A similar exploit for the PHP version would not be hard to produce. “All users are strongly encouraged to upgrade to PHP 5.3.9,” the platform’s developers said.