oss-sec mailing list archives
CVE-Request: apache2-mod_php5 AddHandler content confusion
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 28 Aug 2012 16:08:53 +0200
Hi, So far I have not seen any CVE for the recent "apache2-mod_php5 remote code execution due to multiple extension feature of 'AddHandler's" where you can treat a blah.php.gif as a PHP script due to sloppy configs. [1] Can someone assign a CVE? At the quick look, I cant see who actually discovered this. Sebastian [1] https://bugzilla.novell.com/show_bug.cgi?id=775852 -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- CVE-Request: apache2-mod_php5 AddHandler content confusion Sebastian Krahmer (Aug 28)
- Re: CVE-Request: apache2-mod_php5 AddHandler content confusion Kurt Seifried (Aug 28)