atom feed49 messages in ru.sysoev.nginxRe: nginx 0day exploit for nginx + fa...
FromSent OnAttachments
Avleen VigMay 21, 2010 10:06 am 
Avleen VigMay 21, 2010 10:26 am 
Michael ShadleMay 21, 2010 10:27 am 
Igor SysoevMay 21, 2010 10:32 am 
Igor SysoevMay 21, 2010 10:39 am 
Michael ShadleMay 21, 2010 10:47 am 
Igor SysoevMay 21, 2010 11:11 am 
Ian EvansMay 21, 2010 11:25 am 
Michael ShadleMay 21, 2010 11:35 am 
Igor SysoevMay 21, 2010 11:36 am 
Ian M. EvansMay 21, 2010 12:03 pm 
Jérôme LoyetMay 21, 2010 12:44 pm 
Igor SysoevMay 21, 2010 1:38 pm 
Ian EvansMay 21, 2010 1:49 pm 
brianmercerMay 21, 2010 2:02 pm 
Igor SysoevMay 21, 2010 2:17 pm 
Ian EvansMay 21, 2010 2:50 pm 
Cliff WellsMay 21, 2010 5:56 pm 
Grzegorz SienkoMay 21, 2010 6:17 pm 
Michael ShadleMay 21, 2010 6:30 pm 
Cliff WellsMay 21, 2010 7:37 pm 
Ian M. EvansMay 21, 2010 10:23 pm 
Igor SysoevMay 21, 2010 10:27 pm 
Igor SysoevMay 21, 2010 11:06 pm 
Ian EvansMay 21, 2010 11:55 pm 
Igor SysoevMay 22, 2010 12:53 am 
Ian M. EvansMay 22, 2010 2:42 am 
Igor SysoevMay 22, 2010 3:06 am 
Ian M. EvansMay 22, 2010 3:16 am 
Igor SysoevMay 22, 2010 3:22 am 
Ian M. EvansMay 22, 2010 3:49 am 
Ian M. EvansMay 22, 2010 5:13 am 
Igor SysoevMay 22, 2010 5:23 am 
Ian M. EvansMay 22, 2010 5:44 am 
Ding DengMay 22, 2010 6:23 am 
Michael ShadleMay 22, 2010 12:25 pm 
Ian M. EvansMay 22, 2010 3:26 pm 
Weibin YaoMay 23, 2010 8:19 pm 
Jérôme LoyetMay 23, 2010 11:56 pm 
Weibin YaoMay 24, 2010 1:13 am 
Eren TürkayMay 25, 2010 8:40 am 
gdorkJan 26, 2011 8:06 pm 
Michael ShadleJan 26, 2011 8:13 pm 
Edho P AriefJan 26, 2011 9:22 pm 
Michael ShadleJan 26, 2011 10:03 pm 
tuurtntDec 14, 2011 3:25 pm 
KraiserFeb 17, 2012 6:53 am 
Reinis RozitisFeb 17, 2012 8:39 am 
zseroOct 30, 2012 10:01 am 
Subject:Re: nginx 0day exploit for nginx + fastcgi PHP
From:Cliff Wells (cli@develix.com)
Date:May 21, 2010 7:37:58 pm
List:ru.sysoev.nginx

I can't even set this on PHP 5.1.6 or it won't start... PHP is a bit of crap, isn't it?

Cliff

On Sat, 2010-05-22 at 03:17 +0200, Grzegorz Sienko wrote:

From php.ini

; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. cgi.fix_pathinfo=1

2010/5/22 Cliff Wells <cli@develix.com>:

On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:

Default is zero.

Indeed.

I can't find a single installation of PHP (amongst about 35 virtual servers I checked) where this option isn't commented out (so defaulting to 0).

Is there some widely-used PHP application that requires this be on?

Cliff

--

_______________________________________________ nginx mailing list ngi@nginx.org http://nginx.org/mailman/listinfo/nginx

_______________________________________________ nginx mailing list ngi@nginx.org http://nginx.org/mailman/listinfo/nginx

--

_______________________________________________ nginx mailing list ngi@nginx.org http://nginx.org/mailman/listinfo/nginx