From: Grant <emailgrant@gmail.com>
To: Gentoo mailing list <gentoo-user@lists.gentoo.org>
Subject: [gentoo-user] apache2 AddHandler/SetHandler vulnerability
Date: Sat, 25 Apr 2015 14:23:06 -0700 [thread overview]
Message-ID: <CAN0CFw2GVGEzdyFqdHFcTN+BrqQHShfK5EFyv5q2nOiQNJGUKQ@mail.gmail.com> (raw)
I read about this vulnerability in the
2015-04-06-apache-addhandler-addtype Gentoo news item. I don't think
I'm using any functionality that could expose me to the problem but
I'd like to be able to say so for sure. Does the fact that I'm
up-to-date with GLSAs, I don't have PHP5 in APACHE2_OPTS (I use
php-fpm), along with the following (which I think is default) indicate
that I'm not vulnerable?
# grep AddHandler -R /etc/apache2
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler
application/x-httpd-php .php .php5 .phtml
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler
application/x-httpd-php-source .phps
/etc/apache2/modules.d/00_mod_mime.conf:# AddHandler allows you to map
certain file extensions to "handlers":
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler cgi-script .cgi
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler type-map var
/etc/apache2/modules.d/00_error_documents.conf: AddHandler type-map var
# grep AddType -R /etc/apache2
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-x509-ca-cert .crt
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-pkcs7-crl .crl
/etc/apache2/modules.d/00_mod_mime.conf:# AddType allows you to add to
or override the MIME configuration
/etc/apache2/modules.d/00_mod_mime.conf:#AddType application/x-gzip .tgz
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-compress .Z
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-gzip .gz .tgz
/etc/apache2/modules.d/00_mod_mime.conf:#AddType text/html .shtml
- Grant
next reply other threads:[~2015-04-25 21:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-25 21:23 Grant [this message]
2015-04-26 0:51 ` [gentoo-user] apache2 AddHandler/SetHandler vulnerability Michael Orlitzky
2015-04-26 8:04 ` Mick
2015-04-26 17:14 ` Michael Orlitzky
2015-04-26 21:48 ` Mick
2015-04-26 22:04 ` Michael Orlitzky
2015-04-26 19:18 ` Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAN0CFw2GVGEzdyFqdHFcTN+BrqQHShfK5EFyv5q2nOiQNJGUKQ@mail.gmail.com \
--to=emailgrant@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox