php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #76189 AllowOverride All recommended in documentation.
Submitted: 2018-04-05 17:26 UTC Modified: 2018-04-05 17:39 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: brian dot f17 at gmail dot com Assigned:
Status: Open Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: brian dot f17 at gmail dot com
New email:
PHP Version: OS:

 

 [2018-04-05 17:26 UTC] brian dot f17 at gmail dot com 
Description:
------------
---
From manual page: http://www.php.net/configuration.changes
---
Documentation recommends using `AllowOverride All` which could cause an Optionsbleed vector: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html


Please change this to prevent more vulnerable systems. 

Expected result:
----------------
Does not recommend using `AllowOverride All`.

Actual result:
--------------
Does recommends using `AllowOverride All`.

Patches

Pull Requests
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 20:01:29 2024 UTC