CVE-2021-20001: etc/apache2/mods-available/debian-edu-userdir.conf: Disable built-in PHP engine. (4d39a588) · Commits · Debian Edu / debian-edu-config

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

Commit 4d39a588 authored Jan 15, 2022 by Mike Gabriel

etc/apache2/mods-available/debian-edu-userdir.conf: Disable built-in PHP engine.

@@ -3,6 +3,9 @@

UserDir disabled root

<Directory /skole/*/home*/*/public_html>

php_admin_flag engine off

AllowOverride FileInfo AuthConfig Limit

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

<Limit GET POST OPTIONS>
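
Review bot: `php_admin_flag engine off`, as shown inside `<Directory /skole/*/home*/*/public_html>`, has no `<IfModule>` guard around it in the visible lines. The directive is provided by mod_php, so on a host where that module is not loaded Apache rejects the file with an "Invalid command" error at config test. Suggest wrapping the line in an `<IfModule>` block for the PHP module and adding a short comment above it that names CVE-2021-20001, so the reason survives later edits. The flag only covers mod_php while `AllowOverride FileInfo` on the following line stays in place, so it is also worth confirming that no other PHP handler can be selected from a user's `.htaccess`.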

  • mentioned in commit 1c06c8a008ed2853e703a17ad02d31fdb7c0e422

  • mentioned in commit f400eb04488662059ba961d07cc94489c96601eb

  • mentioned in commit ac1d297bf93bc57fc9eb8fc32ac89394d316c6a7

  • MITRE publishing request: https://github.com/CVEProject/cvelist/pull/4506
