Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1385

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1385
Last Modified 10 Sep 2008 03:10:24
Published 12 Jan 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1385

Summary

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 7.2

Application

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.3

  • Php 4.0.4


References

REDHAT - RHSA-2000:136

XF - php-view-source-code(5939)

BID - 2205

MANDRAKE - MDKSA-2001:013

DEBIAN - DSA-020

BUGTRAQ - 20010112 PHP Security Advisory - Apache Module bugs

CONECTIVA - CLA-2001:373


Last Updated: 27 May 2016 10:36:39