The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
Max CVSS
5.0
EPSS Score
0.33%
Published
2001-01-12
Updated
2016-10-18
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Max CVSS
5.0
EPSS Score
0.18%
Published
2001-03-12
Updated
2017-10-10
2 vulnerabilities found