741393 – CVE-2011-3730 drupal7: installation path disclosure via a direct request to a .php file [epel-5]

Bug 741393 - CVE-2011-3730 drupal7: installation path disclosure via a direct request to a .php file [epel-5]

Summary: CVE-2011-3730 drupal7: installation path disclosure via a direct request to a...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	drupal7
Sub Component:
Version:	el5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Gwyn Ciesla
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	fst_owner=bvincent
Depends On:
Blocks:	CVE-2011-3730
TreeView+	depends on / blocked

Reported:	2011-09-26 17:55 UTC by Vincent Danen
Modified:	2014-10-30 05:23 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Release Note
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-10-30 05:23:50 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2011-09-26 17:55:19 UTC

epel-5 tracking bug for drupal7: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Brandon Vincent 2014-10-30 05:23:50 UTC

The general consensus from the discussion of this issue in bug 741389 was that with PHP display_errors turned off (which is set by default) that this is not a security issue.

Per the PHP documentation, "This [display_errors] is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet)."

Note You need to log in before you can comment on or make changes to this bug.