1 |
I read about this vulnerability in the |
2 |
2015-04-06-apache-addhandler-addtype Gentoo news item. I don't think |
3 |
I'm using any functionality that could expose me to the problem but |
4 |
I'd like to be able to say so for sure. Does the fact that I'm |
5 |
up-to-date with GLSAs, I don't have PHP5 in APACHE2_OPTS (I use |
6 |
php-fpm), along with the following (which I think is default) indicate |
7 |
that I'm not vulnerable? |
8 |
|
9 |
# grep AddHandler -R /etc/apache2 |
10 |
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler |
11 |
application/x-httpd-php .php .php5 .phtml |
12 |
/etc/apache2/modules.d/70_mod_php5.conf: AddHandler |
13 |
application/x-httpd-php-source .phps |
14 |
/etc/apache2/modules.d/00_mod_mime.conf:# AddHandler allows you to map |
15 |
certain file extensions to "handlers": |
16 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler cgi-script .cgi |
17 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddHandler type-map var |
18 |
/etc/apache2/modules.d/00_error_documents.conf: AddHandler type-map var |
19 |
|
20 |
# grep AddType -R /etc/apache2 |
21 |
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-x509-ca-cert .crt |
22 |
/etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-pkcs7-crl .crl |
23 |
/etc/apache2/modules.d/00_mod_mime.conf:# AddType allows you to add to |
24 |
or override the MIME configuration |
25 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddType application/x-gzip .tgz |
26 |
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-compress .Z |
27 |
/etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-gzip .gz .tgz |
28 |
/etc/apache2/modules.d/00_mod_mime.conf:#AddType text/html .shtml |
29 |
|
30 |
- Grant |