Summary
A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users can directly execute the PHP binary:
http://www.somehost.com/php/php.exe?c:\winnt\win.ini
Solution
Obtain the latest version from http://www.php.net
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2002-2029 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- Adobe ColdFusion Information Disclosure Vulnerability
- Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability