Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jun 2015 07:35:11 -0500
From: Dennis <shr3kst3r@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: mime-support

Hi,

This bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589384 deserves
a CVE.  Basically, in the default configuration of apache + mod_php +
mod_mime, files like test.php.blah will be executed as PHP code.  The
expected behavior is that only test.php will be executed as PHP.  Yes, it
was fixed 5 years ago, but I am seeing it actively utilized against Ubuntu
12.04 (which did not get the fix), specifically against Wordpress plugins
that allow file uploads.

Thanks,
Dennis

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ