This is not a new vulnerability. In fact, he was introduced long ago in 2003. By the time it seems that only Perl and cruby developers turned to the issue. Most other developers do not care about the language question, including PHP. So it’s basically a rehash of an old problem.This time, security researchers mentioned above contacted several developers of language on November 1, 2011. Not all language developers have decided to give a quick response. PHP developers come in the form of a patch for PHP 5.3.9 RC 4 and PHP 5.4.0 RC 4, which adds new configuration options in php.ini behalf max_input_vars.Max_input_vars option limits the number of query variables that PHP will accept.This means that if your server receives an HTTP request with more than a specified number of GET, POST, COOKIE and other variables, the values ??are ignored.It really does not avoid the whole problem of a hash collision, but at least to minimize the unpleasant consequences of a possible default option.The default value of max_input_vars in 1000, but after upgrading to PHP 5.3.9 which has just been released, or PHP 5.4.0, which is expected to be released in a few weeks, I recommend you lower this value of the option on, as most Web applications do not need to handle so many variables request.