Hi all, i need some help I did scan of my network with nessus and i get the following warning:
Description : The version of SquirrelMail installed on the remote fails to check the origin of the 'base_uri' parameter in the 'functions/strings.php' script before using it to set the path for its cookies. An attacker may be able to leverage this issue to steal cookies associated with the affected application provided he has control of a malicious site within the same domain and PHP's 'register_globals' setting is enabled. Solution : Disable PHP's 'register_globals' setting in my /etc/php.ini register_globals = off ... How do I change this and correct this issue? Thanx in advance -- View this message in context: http://www.nabble.com/Disable-PHP%27s-%27register_globals%27-setting-tp22493467p22493467.html Sent from the squirrelmail-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
