|
Family: CGI abuses --> Category: infos
PHP3 Physical Path Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tests for PHP3 Physical Path Disclosure Vulnerability
Detailed Explanation for this Vulnerability Test
PHP3 will reveal the physical path of the
webroot when asked for a non-existent PHP3 file
if it is incorrectly configured. Although printing errors
to the output is useful for debugging applications, this
feature should not be enabled on production servers.
Solution :
In the PHP configuration file change display_errors to 'Off':
display_errors = Off
Reference : http://online.securityfocus.com/archive/1/65078
Reference : http://online.securityfocus.com/archive/101/184240
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|