Summary
If it is incorrectly configured, PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file. Although printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers.
Solution
In the PHP configuration file change display_errors to 'Off':
display_errors = Off
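To confirm that the change has taken effect in every configuration file, the following added example (not part of the original advisory) reports the display_errors value in each file. It assumes that a later directive overrides an earlier one in the same file, and the function names and sample file contents are constructed for illustration.

```python
import re

# Value spellings treated as "errors are shown" / "errors are hidden".
# Assumption: these cover the common php.ini spellings; anything else is flagged.
ON_VALUES = {"1", "on", "yes", "true", "stdout", "stderr"}
OFF_VALUES = {"0", "off", "no", "false", "none", ""}

# Directive names are matched case-sensitively; values are compared lowercased.
DIRECTIVE = re.compile(r"^\s*display_errors\s*=\s*(.*?)\s*$")


def effective_display_errors(ini_text):
    """Return 'on', 'off', 'unset' or 'unknown:<value>' for php.ini content."""
    state = "unset"
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]          # drop ';' comments, whole-line or inline
        match = DIRECTIVE.match(line)
        if not match:
            continue
        value = match.group(1).strip("\"'").lower()
        if value in ON_VALUES:
            state = "on"
        elif value in OFF_VALUES:
            state = "off"
        else:
            state = "unknown:" + value
        # No break: keep scanning so a later line overrides an earlier one.
    return state


def audit(files):
    """Return (name, state) for every file that is not explicitly 'off'."""
    return [(name, state) for name, text in sorted(files.items())
            if (state := effective_display_errors(text)) != "off"]


# Constructed sample inputs (not taken from any real server).
SAMPLES = {
    "prod.ini": "[PHP]\ndisplay_errors = Off\nlog_errors = On\n"
                "display_errors = On ; left over from debugging\n",
    "hardened.ini": "display_errors = Off\nlog_errors = On\n",
    "commented.ini": "; display_errors = Off\nlog_errors = On\n",
}

if __name__ == "__main__":
    for name, state in audit(SAMPLES):
        print(f"{name}: display_errors is {state}")
```

A file reported as "unset" has no active directive, so the value comes from the PHP build's default and should be set explicitly.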
Reference: http://online.securityfocus.com/archive/1/65078
Reference: http://online.securityfocus.com/archive/101/184240
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N