 |
 |
 |
 |
|
|
Date: 12/10/00
- Next message: Sascha Schumann: "Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /sapi/apache php_apache.c"
- Previous message: Sebastian Bergmann: "Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /sapi/apache php_apache.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>Date: Sun, 10 Dec 2000 22:40:59 +0200
>To: webmaster <email protected>
>From: Zeev Suraski <zeev <email protected>>
>Subject: Re: CHINANSL Security Advisory(CSA-200011)
>Cc: BUGTRAQ <email protected>
>
>Various people on the PHP QA and development team were unable to reproduce
>this behavior under various versions of Apache and PHP, including the ones
>mentioned in this advisory (the advisory doesn't mention which exact
>version of PHP 3.0 it's using, though).
>
>Note that at any rate, the setup that's described in this
>advisory (Apache under Windows, using PHP 3.0 as a CGI) is extremely
>uncommon, especially in production environments.
>
>Zeev
>
>At 09:47 6/12/2000, china nsl wrote:
>
>>CHINANSL Security Advisory(CSA-200011)
>>
>>Topic: PHP AND APACHE Vulnerability
>>
>>Release Date£º Dec 6, 2000
>>
>>Affected system:
>>============
>>
>>APACHE WEB SERVER 1.3
>>¡¡¡¡- Microsoft Windows NT 4.0
>>¡¡¡¡- Microsoft Windows 2000
>>Impact:
>
>--
>Zeev Suraski <zeev <email protected>>
>CTO, Zend Technologies Ltd. http://www.zend.com/
-- Zeev Suraski <zeev <email protected>> CTO, Zend Technologies Ltd. http://www.zend.com/-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Sascha Schumann: "Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /sapi/apache php_apache.c"
- Previous message: Sebastian Bergmann: "Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /sapi/apache php_apache.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]