phpbar.de - Mailinglisten-Archive

Mailinglisten-Archive

[php] [securityfocus] PHP .htaccess vulnerability

Christopher Kunz chris_(at)_starnetworking.net
Tue, 23 Jan 2001 18:28:38 +0100

Previous message: [php] Mysql db nach strings durchsuchen
Next message: [php] [securityfocus] PHP .htaccess vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

was muß ich da im aktuellen Securityfocus Newsletter lesen?
-- SNIP --
4. PHP .htaccess Attribute Transfer Vulnerability
BugTraq ID: 2206
Remote: Yes
Date Published: 2001-01-16
Relevant URL:
http://www.securityfocus.com/bid/2206
Summary:

PHP the Personal Home Page software package distributed and maintained by
the PHP Development Team. PHP provides enhanced attributes and added
functionality to web pages.

A problem with the PHP package could allow for unauthorized access to
restricted resources. The problem is specifically in the Apache Module of
the PHP package, and affects the package only when running in combination
with Apache Webserver. Per directory access control is done via the
.htaccess file. However, by generating a custom crafted request, it is
possible to force PHP to serve the next page with the same access control
attributes as the previous accessed page. This problem could allow a
malicious user to access restricted information in an intelligence
gathering attack.
-- SNAP --
Habe ich etwas nicht mitbekommen? Was genau ist da mit "custom crafted
request" gemeint?

Gruß,

--ck

--
WWW http://www.starnetworking.net
_(at)_ chris_(at)_starnetworking.net [Spammer werden anwaltlich abgemahnt!]
T +49 511 1237503   F +49 511 1237505
snail: Laportestrasse 2a, 30449 Hannover

Previous message: [php] Mysql db nach strings durchsuchen
Next message: [php] [securityfocus] PHP .htaccess vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php::bar PHP Wiki - Listenarchive