Vulnerability Details CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
- http://marc.info/?l=bugtraq&m=97957961212852
- http://www.debian.org/security/2001/dsa-020
- http://www.iss.net/security_center/static/5939.php
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
- http://www.redhat.com/support/errata/RHSA-2000-136.html
- http://www.securityfocus.com/bid/2205
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
- http://marc.info/?l=bugtraq&m=97957961212852
- http://www.debian.org/security/2001/dsa-020
- http://www.iss.net/security_center/static/5939.php
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
- http://www.redhat.com/support/errata/RHSA-2000-136.html
- http://www.securityfocus.com/bid/2205
Products affected by CVE-2001-1385
-
cpe:2.3:a:php:php:4.0
-
cpe:2.3:a:php:php:4.0.1
-
cpe:2.3:a:php:php:4.0.3
-
cpe:2.3:a:php:php:4.0.4
-
cpe:2.3:o:mandrakesoft:mandrake_linux:7.2