English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  


--------------------------------------------------------------------------
  Turbolinux Security Advisory TLSA-2002-10
  http://www/turbolinux.co.jp/security/
                                            security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Php

Acquisition of PHP Setting information

   Release date : 2002-02-21

   Object package : php-4.1.1-4
                    php-3.0.18-8jaJP

   Problem

    There is a possibility of an unauthorized user acquiring the setting information of setting of the PHP by giving the character string of the browser specification.



   Solution:
    Please verify version and execute the command below.
    From php-4.1.1-4 and php-3.0.18-8jacJp version before in case of use
    " Display_errors " of /etc/httpd/php.ini or /etc/httpd/php3.ini OFF.

    # rpm -qa | grep php

    [ /etc/httpd/php.ini ]
    --------------------------
    Display_errors = ON
    
    Display_errors = OFF
    --------------------------

    Furthermore, please read and execute the package number which corresponds to your version number.

    < Turbolinux 7 Server >
    < Turbolinux 7 Workstation >
    # rpm -Uvh php-4.1.1-4.i586.rpm \
    php-imap-4.1.1-4.i586.rpm \
    php-ldap-4.1.1-4.i586.rpm \
    php-manual-4.1.1-4.i586.rpm \
    php-mysql-4.1.1-4.i586.rpm \
    php-pgsql-4.1.1-4.i586.rpm

    < Turbolinux Server 6.5 >
    < Turbolinux Advanced Server 6 >
    < Turbolinux Server 6.1 >
    < Turbolinux Workstation 6.0 >
    # rpm -Uvh php-3.0.18-8jaJP.i386.rpm \
    php-imap-3.0.18-8jaJP.i386.rpm \
    php-ldap-3.0.18-8jaJP.i386.rpm \
    php-manual-3.0.18-8jaJP.i386.rpm \
    php-mysql-3.0.18-8jaJP.i386.rpm \
    php-pgsql-3.0.18-8jaJP.i386.rpm \
    cyrus-sasl-1.5.24-15.i386.rpm \
    cyrus-sasl-devel-1.5.24-15.i386.rpm

    * When the MycSql, the openldap and the postgresql are used, update may be necessary.

Package updates: http://www.turbolinux.co.jp/update/

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.