CVE-2001-1385 — Mandrake Linux vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux PHP

Timeline

PublishedJan 12

Latest updateApr 30

Description

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDphp/php4 versions+3

▶NVDmandrakesoft/mandrake_linux7.2

Patches

Patch: www.iss.net ↗Patch: www.redhat.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-3rrg-mmq3-p43v: The Apache module for PHP 4↗2022-04-30

▶

CVEList

CVE-2001-1385: The Apache module for PHP 4↗2003-04-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-01-12

▶

💬Community

Bugzilla

CVE-2001-1385 security flaw↗2018-08-16

▶