Apache 2 for Windows php.exe Path Disclosure Vulnerability

Apache is a powerful, widely used web server available for most operating systems, including Linux, Windows and many other Unix-like systems. Apache 2 is currently in development, and beta versions have been made available to the public.

A path disclosure vulnerability exists in the default configuration of some beta releases of Apache 2. If PHP is also installed with default values, it is possible to submit a malicious request to the web server such that the full path of the PHP interpreter is disclosed.

A URL of the form http://host/file.php/123 will result in an error message that includes, in part, the path of the file php.exe.
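A defender-side check for this issue, as an added example that is not part of the original advisory: it flags access-log entries with the /file.php/123 request shape and looks for a full path to php.exe in a response body. The log lines, the error text and the C:\example path are constructed samples and the function names are hypothetical; the real error wording is not given here.

```python
import re
from urllib.parse import urlsplit, unquote

# Common Log Format request field and status: "METHOD target PROTOCOL" status
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A .php script name followed by extra path segments, as in /file.php/123
PATH_INFO_RE = re.compile(r'\.php/', re.IGNORECASE)
# Windows absolute path ending in php.exe, with either slash style
LEAK_RE = re.compile(r'[A-Za-z]:[\\/](?:[^\\/:*?"<>|\r\n]+[\\/])*php\.exe', re.IGNORECASE)


def has_trailing_path_info(target):
    """True if the request path continues past a .php script name."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %xx
    return bool(PATH_INFO_RE.search(path))


def flag_requests(log_lines):
    """Return (target, status) for log entries shaped like /file.php/123."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and has_trailing_path_info(m.group("target")):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits


def disclosed_interpreter_paths(body):
    """Return any full Windows paths to php.exe found in a response body."""
    return LEAK_RE.findall(body)


# Constructed sample data (not real server output; status codes are assumed).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.php HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /file.php/123 HTTP/1.0" 500 640',
    '192.0.2.11 - - [01/Jan/2002:10:00:09 +0000] "GET /docs/php/intro.html HTTP/1.0" 200 900',
    '192.0.2.12 - - [01/Jan/2002:10:00:12 +0000] "GET /File.PHP/123?x=1 HTTP/1.0" 500 640',
]
SAMPLE_BODY = "<p>Error: request could not be handled by C:\\example\\php\\php.exe</p>"

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
    print(disclosed_interpreter_paths(SAMPLE_BODY))
```

Trailing path segments after a script name can be legitimate in some applications, so treat log hits as entries to review alongside the response they produced.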


