|
|
Family: CGI abuses --> Category: attack
PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tests for PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
Detailed Explanation for this Vulnerability Test
A configuration vulnerability exists for PHP.EXE cgi running on Apache
for Win32 platforms. It is reported that the installation text recommends
configuration options in httpd.conf that create a security vulnerability,
allowing arbitrary files to be read from the host running PHP. Remote users
can directly execute the PHP binary:
http://www.somehost.com/php/php.exe?c:\winnt\win.ini
Solution: Obtain the latest version from http://www.php.net
References:
http://www.securitytracker.com/alerts/2002/Jan/1003104.html
http://www.php.net
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
