[prev in list] [next in list] [prev in thread] [next in thread]
List: twig-devel
Subject: [Twig-devel] [twig 0000100]: Source code of .php3 configuration files readable to everyone
From: bugtracker () informationgateway ! org
Date: 2005-06-07 12:14:10
Message-ID: 00e013f5c88b7a1771263c3d7d4b5176 () bugs ! informationgateway ! org
[Download RAW message or body]
The following issue has been CLOSED
======================================================================
<http://bugs.informationgateway.org/view.php?id=100>
======================================================================
Reported By: dprade
Assigned To:
======================================================================
Project: twig
Issue ID: 100
Category: Other
Reproducibility: always
Severity: major
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 06-07-2005 03:10 EDT
Last Modified: 06-07-2005 08:14 EDT
======================================================================
Summary: Source code of .php3 configuration files readable to
everyone
Description:
The source code of ".php3" files are readable to everyone.
Therefore also "./config/dbconfig.inc.php3" with the stored password
inside!
The same vulnerability doesn't exist for php scripts with ".php"
extension.
The installed packages are:
- Apache 2.0.52
- php 4.3.9
======================================================================
----------------------------------------------------------------------
brian - 06-07-05 08:14
----------------------------------------------------------------------
This is not a bug in TWIG. It is a misconfiguration in Apache. Please refer
to the Apache documentation
http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride for
information on how to configure Apache to handle the .htaccess files
provided with TWIG.
It would also be a good idea for you to configure Apache/PHP to handle
files with a .php3 extension.
Issue History
Date Modified Username Field Change
======================================================================
06-07-05 03:10 dprade New Issue
06-07-05 08:14 brian Status new => closed
06-07-05 08:14 brian Note Added: 0000193
======================================================================
_______________________________________________
Twig-devel mailing list
Twig-devel@informationgateway.org
http://informationgateway.org/mailman/listinfo/twig-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic