Bug 741392 - CVE-2011-3730 drupal7: installation path disclosure via a direct request to a .php file [epel-6]
Summary: CVE-2011-3730 drupal7: installation path disclosure via a direct request to a...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: drupal7
Version: el6
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: fst_owner=bvincent
Depends On:
Blocks: CVE-2011-3730
TreeView+ depends on / blocked
 
Reported: 2011-09-26 17:55 UTC by Vincent Danen
Modified: 2014-10-30 05:23 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-30 05:23:22 UTC


Attachments (Terms of Use)

Description Vincent Danen 2011-09-26 17:55:10 UTC
epel-6 tracking bug for drupal7: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Brandon Vincent 2014-10-30 05:23:22 UTC
The general consensus from the discussion of this issue in bug 741389 was that with PHP display_errors turned off (which is set by default) that this is not a security issue.

Per the PHP documentation, "This [display_errors] is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet)."


Note You need to log in before you can comment on or make changes to this bug.