Secunia

Customer Area icon help

Need help?

Try CSI

Download PSI icon Scan now

Scan Now

Community

Advisories

Database Search Advisories by Product Advisories by Vendor Terminology Report vulnerability

Research Forum My Profile Our Commitment

Community Login

Register now
Forgot password?

Secunia Advisory SA10818

PHP Configuration Leakage Vulnerability

Secunia Advisory

SA10818

DOWNLOAD CSI

DOWNLOAD PSI

Release Date

2004-02-09

Last Update

2005-03-02

Popularity

11,330 views

Comments

0 comments

Criticality level

Less critical

Impact

Security Bypass
Exposure of sensitive information

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Software:

PHP 4.3.x

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

No CVE references.

Description
A vulnerability has been identified in PHP, potentially allowing malicious people to view sensitive data or bypass an administrative restriction.

The problem arises on systems serving multiple virtual hosts using the Apache web server. Administratively configured settings from one virtual host may be applied (leaked) to other virtual hosts if the same Apache child process is used to access the different virtual hosts.

This can reportedly be exploited to view the source of PHP files, overwrite "register_globals" settings and more. Other vulnerabilities may potentially also be exploited via this issue.

The vulnerability has been reported in PHP version 4.3.4 and prior.

Solution
The vulnerability has been fixed in PHP 4.3.5 and later.
Further details available in Customer Area

Provided and/or discovered by
Reported by multiple individuals (see the original bug reports for details).

Changelog
Further details available in Customer Area

Original Advisory
http://bugs.php.net/bug.php?id=25753

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: PHP Configuration Leakage Vulnerability

No posts yet

You must be logged in to post a comment.

Latest advisories

New advisories: 9
New vulnerabilities: 9
Updated advisories: 18

281 views
XnView DICOM Parsing Integer Overflow Vulnerability

48 views
Apache HTTP Server "mod_isapi" Module Unloading Vulnerability

77 views
Jevci Siparis Formu Database Disclosure Security Issue

101 views
Employee Timeclock Software Multiple Vulnerabilities

95 views
Kandidat CMS "contentcenter" Cross-Site Scripting Vulnerability

97 views
MH Products Kleinanzeigenmarkt "c" SQL Injection Vulnerability

87 views
Fedora update for samba

119 views
NUs Newssystem "id" SQL Injection Vulnerability

109 views
Debian update for tdiary

See all