| 1 |
I read about this vulnerability in the |
| 2 |
2015-04-06-apache-addhandler-addtype Gentoo news item. I don't think |
| 3 |
I'm using any functionality that could expose me to the problem but |
| 4 |
I'd like to be able to say so for sure. Does the fact that I'm |
| 5 |
up-to-date with GLSAs, I don't have PHP5 in APACHE2_OPTS (I use |
| 6 |
php-fpm), along with the following (which I think is default) indicate |
| 7 |
that I'm not vulnerable? |
| 8 |
|
| 9 |
# grep AddHandler -R /etc/apache2 |
| 10 |
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler |
| 11 |
application/x-httpd-php .php .php5 .phtml |
| 12 |
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler |
| 13 |
application/x-httpd-php-source .phps |
| 14 |
/etc/apache2/modules.d/00_mod_mime.conf:# AddHandler allows you to map |
| 15 |
certain file extensions to "handlers": |
| 16 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler cgi-script .cgi |
| 17 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler type-map var |
| 18 |
/etc/apache2/modules.d/00_error_documents.conf: AddHandler type-map var |
| 19 |
|
| 20 |
# grep AddType -R /etc/apache2 |
| 21 |
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-x509-ca-cert .crt |
| 22 |
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-pkcs7-crl .crl |
| 23 |
/etc/apache2/modules.d/00_mod_mime.conf:# AddType allows you to add to |
| 24 |
or override the MIME configuration |
| 25 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddType application/x-gzip .tgz |
| 26 |
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-compress .Z |
| 27 |
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-gzip .gz .tgz |
| 28 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddType text/html .shtml |
| 29 |
|
| 30 |
- Grant |
Archives