PT-2001-1343 · Php+1
Published: 2001-03-12 · Updated: 2017-10-10 · CVE-2001-0108
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
PHP versions prior to 4.2.0
PHP versions 4.0.0 through 4.0.4 for Apache
PHP 3.0.18
PHP 3.0.17
PHP 3.0.16
PHP 3.0.15
PHP 3.0.14
PHP 3.0.13
PHP 3.0.12
PHP 3.0.11
PHP 3.0.10
Description:
The issue allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. Several buffer overflow vulnerabilities in the handling of file uploads were found, which can be exploited by a remote attacker using the HTTP POST method to upload a PHP form containing specially-crafted MIME-encoded data, allowing the execution of arbitrary code on the Web server with elevated privileges. A vulnerability in the .htaccess file can allow a remote attacker to gain unauthorized access to restricted files. Additionally, a remote attacker can view the source code of PHP scripts if multiple virtual hosts are configured on a single Web server.
Recommendations:
For PHP versions 4.0.0 through 4.0.4, consider disabling the .htaccess file or restricting access to it until a patch is available.
For PHP versions prior to 4.2.0, update to a version that is not vulnerable to the buffer overflow vulnerabilities in the handling of file uploads.
For PHP 3.0.18 and earlier, restrict access to the PHP scripts to minimize the risk of exploitation.
As a temporary workaround, consider disabling PHP execution on virtual hosts where it is not necessary until the issue is resolved.
Avoid using the parameter engine=off on just one of the virtual hosts to disable PHP execution, as it may disable PHP execution on other virtual hosts on the same server.
Affected Products:
Apache
PHP