oss-sec mailing list archives

Re: CVE request: Serendipity < 1.5 upload of files with .php. possible

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Dec 2009 17:02:08 -0500 (EST)


On Mon, 21 Dec 2009, Hanno B??ck wrote:

From 1.5 release notes:
# Disallow uploading any files that contain ".php." in the filename for extra
security with Apache MimeMagic-Modules


Use CVE-2009-4412, to be filled in later.

- Steve

Current thread:

CVE request: Serendipity < 1.5 upload of files with *.php.* possible Hanno Böck (Dec 21)
- Re: CVE request: Serendipity < 1.5 upload of files with *.php.* possible Steven M. Christey (Dec 23)