Bug 741393 - CVE-2011-3730 drupal7: installation path disclosure via a direct request to a .php file [epel-5]
CVE-2011-3730 drupal7: installation path disclosure via a direct request to a...
Status: CLOSED NOTABUG
Product: Fedora EPEL
Classification: Fedora
Component: drupal7 (Show other bugs)
el5
All Linux
low Severity low
: ---
: ---
Assigned To: Jon Ciesla
Fedora Extras Quality Assurance
fst_owner=bvincent
: Security, SecurityTracking
Depends On:
Blocks: CVE-2011-3730
  Show dependency treegraph
 
Reported: 2011-09-26 13:55 EDT by Vincent Danen
Modified: 2014-10-30 01:23 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-30 01:23:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2011-09-26 13:55:19 EDT
epel-5 tracking bug for drupal7: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 Brandon Vincent 2014-10-30 01:23:50 EDT
The general consensus from the discussion of this issue in bug 741389 was that with PHP display_errors turned off (which is set by default) that this is not a security issue.

Per the PHP documentation, "This [display_errors] is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet)."

Note You need to log in before you can comment on or make changes to this bug.