VID | 21701
Severity | 20
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description | The phpinfo.php script was detected on the Web server. Various software packages may install the phpinfo.php script under the web root or its sub-directories as part of their default installation process. Because the script invokes the phpinfo() function, it could allow a remote attacker to obtain sensitive information. phpinfo() generates a web page with comprehensive system environment information, such as the operating system and web server environment, PHP configuration, absolute path names, global and local values of configuration options, HTTP headers, etc. This information might help a remote attacker launch further attacks against the affected Web server.
* Platforms Affected: Any HTTP server, any version; any operating system, any version
Recommendation | If it is not required, remove the phpinfo.php script from Web directories.
Related URL | CVE-2002-1149 (CVE)
Related URL | 5789,5942,7313 (SecurityFocus)
Related URL | 10178,10335,11758,17741 (ISS)
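To act on the recommendation above, an administrator first needs to know which files under the web root actually call phpinfo(), since the script is not always named phpinfo.php. The following is an added example, not code from this entry or from the scanner; the function names, the quarantine approach, the list of file extensions and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the scanner's code). The web-root layout built by
# make_demo_tree is constructed sample data.

# Print every PHP-handled file under web root $1 (no trailing slash) that
# contains a phpinfo() call. -i because PHP function names are
# case-insensitive. Commented-out calls are listed too, for manual review.
find_phpinfo_scripts() {
    webroot=$1
    find "$webroot" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -lEi 'phpinfo[[:space:]]*\(' {} + 2>/dev/null | sort
}

# Move every flagged file from web root $1 into directory $2, which must lie
# outside the web root. Prints the number of files moved.
quarantine_phpinfo_scripts() {
    webroot=$1
    quarantine=$2
    mkdir -p "$quarantine" || return 1
    list=$(mktemp) || return 1
    find_phpinfo_scripts "$webroot" > "$list"
    count=0
    while IFS= read -r f; do
        # Flatten the relative path into the file name to record where the
        # file came from; the suffix keeps it from being handled as PHP.
        rel=$(printf '%s' "${f#"$webroot"/}" | tr '/' '_')
        mv -- "$f" "$quarantine/$rel.quarantined" && count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Constructed sample web root: two scripts call phpinfo(), one does not.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app/admin"
    printf '<?php phpinfo(); ?>\n' > "$d/phpinfo.php"
    printf '<?php\nPHPINFO (INFO_ALL);\n' > "$d/app/admin/test.php"
    printf '<?php echo "hello"; ?>\n' > "$d/app/index.php"
    echo "$d"
}

# Usage: sh audit.sh /path/to/webroot   (lists candidates, moves nothing)
if [ "$#" -ge 1 ]; then
    find_phpinfo_scripts "$1"
fi
```

Review the listed files before quarantining, because a match can also be a legitimate admin page that should be access-restricted rather than removed.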