Stefan Esser wrote: a) ***mod_php*** (if your package is really mod_php) ***is not vulnerable*** to the CGI vulnerability, because it is a vulnerability in the CGI version (this was clearly stated in our announcement)
... then ... Daniel Ahlberg wrote: - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-09.1 - - --------------------------------------------------------------------- >PACKAGE : ***mod_php*** >SUMMARY : arbitrary code execution >DATE : 2003-02-19 15:56 UTC >EXPLOIT : remote _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
