|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
HPSBMA02159,SSRT061238
|
|
Description |
PHP, when used as an Apache 2 module, contains an unspecified flaw in the virtual() function that may allow a malicious user to bypass certain configuration directives (e.g. "safe_mode" and "open_basedir"). This may allow the disclosure of sensitive information, resulting in a loss of confidentiality.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 4.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
At this time, there is not a 5.0.x version that fixes it.
|
|
Products |
|
PHP
 |
4.4.0 |
5.0.5 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|