Gentoo: GLSA-200402-01 Normal: PHP Setting Leak in Apache Virtual Hosts
gentoo
February 7, 2004
If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host (which has "php_admin_flag register_globals off") and the next requ...
Summary
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200402-01 ~ https://security.gentoo.org/
~ Severity: Normal ~ Title: PHP setting leaks from .htaccess files on virtual hosts ~ Date: February 07, 2004 ~ Bugs: #39952 ~ ID: 200402-01
Synopsis ======= If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host (which has "php_admin_flag register_globals off") and the next request is sent to the another virtual host (which does not have the setting) through the same apache child, the setting will persist. This may lead to leaks of global variables.
Background ========= PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
========== If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtu...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!