Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jun 2015 07:35:11 -0500
From: Dennis <>
Subject: CVE Request: mime-support


This bug deserves
a CVE.  Basically, in the default configuration of apache + mod_php +
mod_mime, files like test.php.blah will be executed as PHP code.  The
expected behavior is that only test.php will be executed as PHP.  Yes, it
was fixed 5 years ago, but I am seeing it actively utilized against Ubuntu
12.04 (which did not get the fix), specifically against Wordpress plugins
that allow file uploads.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ