Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PHP Security Advisory - Apache Module bugs
From: Javi Polo <javipolo () ONINET ES>
Date: Tue, 16 Jan 2001 10:27:25 +0100

On 12/Jan/2001, Zeev Suraski wrote:

[2] PHP supports the ability to be installed, and yet disabled, by setting
the configuration option 'engine = off'.  Due to a bug in the Apache module
version of PHP, if one or more virtual hosts within a single Apache server
were configured with engine=off, this value could 'propagate' to other
virtual hosts.  Because setting this option to 'off' disables execution of

I've been using for some months this settings (php default off, and then
enabling it in the virtualdomains that I want) and I've had no problem at
all ...

Are there any more known circumstances when it happens ??

Javi Polo - javipolo () ivworlds org - navo - DrSlump
Proud member of the Panda Gey Community (powered by linux)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]