Bug 741392 - CVE-2011-3730 drupal7: installation path disclosure via a direct request to a .php file [epel-6]
CVE-2011-3730 drupal7: installation path disclosure via a direct request to a...
Product: Fedora EPEL
Classification: Fedora
Component: drupal7 (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Gwyn Ciesla
Fedora Extras Quality Assurance
: Security, SecurityTracking
Depends On:
Blocks: CVE-2011-3730
  Show dependency treegraph
Reported: 2011-09-26 13:55 EDT by Vincent Danen
Modified: 2014-10-30 01:23 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-10-30 01:23:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2011-09-26 13:55:10 EDT
epel-6 tracking bug for drupal7: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.

[bug automatically created by: add-tracking-bugs]
Comment 1 Brandon Vincent 2014-10-30 01:23:22 EDT
The general consensus from the discussion of this issue in bug 741389 was that with PHP display_errors turned off (which is set by default) that this is not a security issue.

Per the PHP documentation, "This [display_errors] is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet)."

Note You need to log in before you can comment on or make changes to this bug.