CVE-2003-0249— ** DISPUTED ** PHP绕过预期的访问限制漏洞

N/A

PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.

N/A

N/A

** DISPUTED ** PHP绕过预期的访问限制漏洞

** DISPUTED ** PHP将如"PoSt"的未知类函数作为GET请求，PHP运行在传送所有类函数的服务器上时，攻击者利用该漏洞绕过预期的访问限制，如Apache httpd 2.0版本使用限制指令。

N/A

N/A