From: [EMAIL PROTECTED] Operating system: Windows NT (all Win32) PHP version: 4.1.1 PHP Bug Type: Apache related Bug description: Remote vulnerability allows access to ALL files on webserver
Report yesterday (4 Jan 02) at http://www.securiteam.com/windowsntfocus/5ZP030U60U.html outlines the security hole. I have tested it on NT4, Apache 1.3.9, PHP 4.0.4 and then upgraded to NT4, Apache 1.3.22, PHP 4.1.1 and the problem remains. I've been monitoring the PHP newsgroups (announcements and Windows user lists) since the vulnerability was announced and searched the buglist but haven't found mention of it anywhere. -- Edit bug report at: http://bugs.php.net/?id=14883&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]