Re: CHINANSL Security Advisory(CSA-200011)

[Zeev Suraski <zeev () zend com>]

Various people on the PHP QA and development team were unable to reproduce 
this behavior under various versions of Apache and PHP, including the ones 
mentioned in this advisory (the advisory doesn't mention which exact 
version of PHP 3.0 it's using, though).

Note that at any rate, the setup that's described in this advisory  (Apache 
under Windows, using PHP 3.0 as a CGI) is extremely uncommon, especially in 
production environments.

Zeev

At 09:47 6/12/2000, china nsl wrote:

> CHINANSL Security Advisory(CSA-200011)
>
> Topic: PHP AND APACHE Vulnerability
>
> Release Date£º Dec 6, 2000
>
> Affected system:
> ============
>
> APACHE WEB SERVER 1.3
> ¡¡¡¡- Microsoft Windows NT 4.0
> ¡¡¡¡- Microsoft Windows 2000
> Impact:


--
Zeev Suraski <zeev () zend com>
CTO, Zend Technologies Ltd. http://www.zend.com/