Subject: Re: nginx 0day exploit for nginx + fastcgi PHP
From: Michael Shadle (mike@gmail.com)
Date: May 21, 2010 6:30:41 pm
List: ru.sysoev.nginx

Yeah I've always had it set to 1 too. I think fastcgi_split_path_info may be able to bridge the gap perhaps.

On May 21, 2010, at 6:17 PM, Grzegorz Sienko <sta@krecio.pl> wrote:

From php.ini

; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
cgi.fix_pathinfo=1

2010/5/22 Cliff Wells <cli@develix.com>:

On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:

Default is zero.

Indeed.

I can't find a single installation of PHP (amongst about 35 virtual servers I checked) where this option isn't commented out (so defaulting to 0).

Is there some widely-used PHP application that requires this be on?
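
Added example, not part of the original message or of the nginx project's own configuration: one way the fastcgi_split_path_info directive mentioned above can supply PATH_INFO from nginx when PHP runs with cgi.fix_pathinfo=0. The backend address, the location regex and the 404 response are assumptions made for illustration.

```nginx
# Added example. Assumes a PHP FastCGI backend on 127.0.0.1:9000 (constructed
# address) and cgi.fix_pathinfo=0 in php.ini, so PHP takes SCRIPT_FILENAME
# exactly as nginx sends it instead of re-deriving the script from the path.
location ~ [^/]\.php(/|$) {
    # Split "/app.php/extra/path" in nginx:
    #   $fastcgi_script_name = /app.php
    #   $fastcgi_path_info   = /extra/path
    # If the regex does not match (no trailing path), $fastcgi_script_name
    # keeps the request URI and $fastcgi_path_info stays empty.
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    # Refuse the request unless the script part names a real file on disk,
    # so only existing .php files are ever handed to the interpreter.
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    include        fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO        $fastcgi_path_info;
    fastcgi_pass   127.0.0.1:9000;
}
```

Applications that read PATH_INFO keep working under this layout because nginx sets it explicitly, which is the gap the split directive is meant to bridge.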