Description

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Remediation

References

CVE-2001-1385

Related Vulnerabilities

WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)

Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)

WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6708)

Severity

Medium

Classification

CVE-2001-1385

Tags

Missing Update Known Vulnerabilities