Difference between revisions of "Apache PHP Config"
Mario Manno (talk | contribs) (added category)
(One intermediate revision by one other user not shown)
Line 9: | Line 9: | ||
log_errors = On | log_errors = On | ||
</pre> | </pre> | ||
+ | |||
+ | '''Why ?''' | ||
+ | Well look at this list (found on full-disclosure): | ||
+ | |||
+ | * 2004-10-28: PHP cURL Open_Basedir Restriction Bypass Vulnerability | ||
+ | * 2004-10-25: PHP Remote Arbitrary Location File Upload Vulnerability | ||
+ | * 2004-10-25: PHP PHP_Variables Remote Memory Disclosure Vulnerability | ||
+ | * 2004-10-16: PHP memory_limit Remote Code Execution Vulnerability | ||
+ | * 2004-09-15: PHP Strip_Tags() Function Bypass Vulnerability | ||
+ | * 2004-06-07: PHP Microsoft Windows Shell Escape Functions Command Execution Vulnerability | ||
+ | * 2004-05-27: PHP Input/Ouput Wrapper Remote Include Function Command Execution Weakness | ||
+ | * 2004-03-24: PHP openlog() Buffer Overflow Vulnerability | ||
+ | * 2003-11-07: PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability | ||
+ | * 2003-11-07: PHP wordwrap() Heap Corruption Vulnerability | ||
+ | * 2003-09-24: PHP4 Multiple Vulnerabilities | ||
+ | * 2003-09-24: PHP4 Base64_Encode() Integer Overflow Vulnerability | ||
+ | * 2003-08-25: PHP Transparent Session ID Cross Site Scripting Vulnerability | ||
+ | * 2003-08-13: PHP Mail Function ASCII Control Character Header Spoofing Vulnerability | ||
+ | * 2003-08-13: PHP Function CRLF Injection Vulnerability | ||
+ | * 2003-08-13: PHP DLOpen Memory Disclosure Vulnerability | ||
+ | * 2003-07-17: PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability | ||
+ | * 2003-06-08: PHP STR_Repeat Boundary Condition Error Vulnerability | ||
+ | * 2003-06-08: PHP array_pad() Integer Overflow Memory Corruption Vulnerability | ||
+ | * 2003-06-04: PHP PHPInfo Cross-Site Scripting Vulnerability | ||
+ | * 2003-05-19: PHP Post File Upload Buffer Overflow Vulnerabilities | ||
+ | * 2003-05-07: PHP SafeMode Arbitrary File Execution Vulnerability | ||
+ | * 2003-04-14: PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability | ||
+ | * 2003-03-26: PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability | ||
+ | * 2003-03-26: PHP socket_recv() Signed Integer Memory Corruption Vulnerability | ||
+ | * 2003-03-25: PHP socket_iovec_alloc() Integer Overflow Vulnerability | ||
+ | * 2003-02-19: PHP CGI SAPI Code Execution Vulnerability | ||
+ | * 2003-01-08: PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability | ||
+ | * 2002-09-07: PHP Header Function Script Injection Vulnerability | ||
+ | * 2002-08-08: PHP HTTP POST Incorrect MIME Header Parsing Vulnerability | ||
+ | * 2002-07-22: PHP Interpreter Direct Invocation Denial Of Service Vulnerability | ||
+ | * 2002-04-25: PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability | ||
+ | * 2002-03-21: PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability | ||
+ | * 2002-02-08: PHP Include File Relative Directory Information Disclosure Vulnerability | ||
+ | * 2002-01-15: PHP4 Session Files Local Information Disclosure Vulnerability | ||
+ | * 2001-01-16: PHP .htaccess Attribute Transfer Vulnerability | ||
+ | * 2001-01-12: PHP Engine Disable Source Viewing Vulnerability | ||
+ | * 2000-10-12: PHP Error Logging Format String Vulnerability | ||
+ | * 2000-09-03: PHP Upload Arbitrary File Disclosure Vulnerability | ||
+ | * 2000-01-04: PHP3 'safe_mode' Failure Vulnerability | ||
+ | * 1999-06-01: PHP/FI Buffer Overflow Vulnerability | ||
+ | * 1999-06-01: PHP/FI mylog/mlog Vulnerability | ||
+ | * 1999-06-01: PHP/FI Directory Traversal Vulnerability | ||
+ | |||
+ | (careful, fud included) | ||
+ | |||
+ | [[Category:Infos]] |
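Review bot: the list added under "Why ?" is never tied back to the six directives above it, and "(careful, fud included)" does not say which entries are doubtful. Several entries are themselves safe_mode or Open_Basedir bypasses (2004-10-28, 2003-07-17, 2003-05-07, 2003-04-14, 2002-04-25, 2002-03-21, 2000-01-04), so the page should state that safe_mode = On is a mitigation and not a boundary. Ideally each entry would carry the directive that addresses it, or a mark that it is considered FUD. The 2004-05-27 entry also misspells "Input/Output" as "Input/Ouput".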
Latest revision as of 16:06, 17 November 2004
This is a start, find out more here
    safe_mode = On
    register_globals = Off
    allow_url_fopen = Off
    expose_php = Off
    display_errors = Off
    log_errors = On

Why? Well, look at this list (found on full-disclosure):
- 2004-10-28: PHP cURL Open_Basedir Restriction Bypass Vulnerability
- 2004-10-25: PHP Remote Arbitrary Location File Upload Vulnerability
- 2004-10-25: PHP PHP_Variables Remote Memory Disclosure Vulnerability
- 2004-10-16: PHP memory_limit Remote Code Execution Vulnerability
- 2004-09-15: PHP Strip_Tags() Function Bypass Vulnerability
- 2004-06-07: PHP Microsoft Windows Shell Escape Functions Command Execution Vulnerability
- 2004-05-27: PHP Input/Output Wrapper Remote Include Function Command Execution Weakness
- 2004-03-24: PHP openlog() Buffer Overflow Vulnerability
- 2003-11-07: PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
- 2003-11-07: PHP wordwrap() Heap Corruption Vulnerability
- 2003-09-24: PHP4 Multiple Vulnerabilities
- 2003-09-24: PHP4 Base64_Encode() Integer Overflow Vulnerability
- 2003-08-25: PHP Transparent Session ID Cross Site Scripting Vulnerability
- 2003-08-13: PHP Mail Function ASCII Control Character Header Spoofing Vulnerability
- 2003-08-13: PHP Function CRLF Injection Vulnerability
- 2003-08-13: PHP DLOpen Memory Disclosure Vulnerability
- 2003-07-17: PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability
- 2003-06-08: PHP STR_Repeat Boundary Condition Error Vulnerability
- 2003-06-08: PHP array_pad() Integer Overflow Memory Corruption Vulnerability
- 2003-06-04: PHP PHPInfo Cross-Site Scripting Vulnerability
- 2003-05-19: PHP Post File Upload Buffer Overflow Vulnerabilities
- 2003-05-07: PHP SafeMode Arbitrary File Execution Vulnerability
- 2003-04-14: PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
- 2003-03-26: PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
- 2003-03-26: PHP socket_recv() Signed Integer Memory Corruption Vulnerability
- 2003-03-25: PHP socket_iovec_alloc() Integer Overflow Vulnerability
- 2003-02-19: PHP CGI SAPI Code Execution Vulnerability
- 2003-01-08: PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability
- 2002-09-07: PHP Header Function Script Injection Vulnerability
- 2002-08-08: PHP HTTP POST Incorrect MIME Header Parsing Vulnerability
- 2002-07-22: PHP Interpreter Direct Invocation Denial Of Service Vulnerability
- 2002-04-25: PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability
- 2002-03-21: PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability
- 2002-02-08: PHP Include File Relative Directory Information Disclosure Vulnerability
- 2002-01-15: PHP4 Session Files Local Information Disclosure Vulnerability
- 2001-01-16: PHP .htaccess Attribute Transfer Vulnerability
- 2001-01-12: PHP Engine Disable Source Viewing Vulnerability
- 2000-10-12: PHP Error Logging Format String Vulnerability
- 2000-09-03: PHP Upload Arbitrary File Disclosure Vulnerability
- 2000-01-04: PHP3 'safe_mode' Failure Vulnerability
- 1999-06-01: PHP/FI Buffer Overflow Vulnerability
- 1999-06-01: PHP/FI mylog/mlog Vulnerability
- 1999-06-01: PHP/FI Directory Traversal Vulnerability
(Careful, FUD included.)
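To check an existing php.ini against the six settings recommended at the top of this page, the following is an added example (not part of the original wiki page). The names `parse_php_ini`, `as_bool` and `audit` are hypothetical, and `SAMPLE_INI` is constructed input.

```python
# Baseline from the page: directive -> required state (True = On).
BASELINE = {
    "safe_mode": True, "register_globals": False, "allow_url_fopen": False,
    "expose_php": False, "display_errors": False, "log_errors": True,
}
TRUE_WORDS = {"1", "on", "true", "yes"}
FALSE_WORDS = {"0", "off", "false", "no", "none", ""}

# Constructed sample input, not taken from any real server.
SAMPLE_INI = """\
[PHP]
safe_mode = On
register_globals = Off
allow_url_fopen = On   ; left at the permissive value
expose_php = Off
display_errors = Off
;log_errors = On
display_errors = On
"""

def parse_php_ini(text):
    """Return {directive: raw value}. Names are case-sensitive; the last
    assignment wins. Trailing ';' comments are dropped (fine for On/Off)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.split(";", 1)[0].strip().strip("\"'")
    return settings

def as_bool(value):
    """Map an ini value to True/False, or None if it is not a boolean word."""
    v = value.lower()
    return True if v in TRUE_WORDS else False if v in FALSE_WORDS else None

def audit(text):
    """Return (directive, problem) pairs; an empty list means the baseline holds."""
    settings, findings = parse_php_ini(text), []
    for name, wanted in BASELINE.items():
        want = "On" if wanted else "Off"
        if name not in settings:
            findings.append((name, f"not set explicitly; want {want}"))
        elif as_bool(settings[name]) is not wanted:
            findings.append((name, f"is {settings[name]!r}; want {want}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_INI):
        print(f"{name}: {problem}")
```

safe_mode and register_globals were removed in PHP 5.4, so on later versions drop them from `BASELINE` before running the check.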