Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PHP Security Advisory - Apache Module bugs
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Tue, 16 Jan 2001 13:49:34 -0500

        Depending on your configuration, this can happen. Specifically if it is
explicitly OFF globably, explicitly OFF for one or more vhosts, and
explicitly ON for other vhosts. Most configurations won't get this
particular problem.

Javi Polo wrote:

On 12/Jan/2001, Zeev Suraski wrote:

[2] PHP supports the ability to be installed, and yet disabled, by setting
the configuration option 'engine = off'.  Due to a bug in the Apache module
version of PHP, if one or more virtual hosts within a single Apache server
were configured with engine=off, this value could 'propagate' to other
virtual hosts.  Because setting this option to 'off' disables execution of

I've been using for some months this settings (php default off, and then
enabling it in the virtualdomains that I want) and I've had no problem at
all ...

Are there any more known circumstances when it happens ??

Javi Polo - javipolo () ivworlds org - navo - DrSlump
Proud member of the Panda Gey Community (powered by linux)


 Matthew Keller
 WebMaster, Interim Network Manager &
   Host Systems Analyst
 Computing & Technology Services
 Information Services Division
 State University of New York at Potsdam

 Website: http://mattwork.potsdam.edu/
 PGP: http://mattwork.potsdam.edu/crypto/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]