Apache mod_php是用于解析PHP的Apache模块。

Apache mod_php在部分设置的情况下存在问题，远程攻击者可以利用这个漏洞获得敏感信息。

如果服务器配置文件"php.ini"设置"register_globals = on"，及提交一个请求给虚拟主机(虚拟主机包含"php_admin_flag register_globals off"设置)，如果下一个请求通过相同apache子进程发送给其他的虚拟主机(此虚拟主机没有任何设置)，那么服务器部分设置就会泄露。

根据服务器和站点配置，攻击者可能获得全局变量信息，如MySQL密码等。

受影响系统：
Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.28
Apache Software Foundation Apache 1.3.26
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.3.27
- HP HP-UX 11.04
- OpenBSD 3.3
- RedHat Enterprise Linux WS 2.1
- RedHat Enterprise Linux ES 2.1
- RedHat Enterprise Linux AS 2.1
- RedHat Linux 8.0
- RedHat Linux 7.3
- RedHat Linux 7.2

攻击方法：
参考“详细”栏

解决方案：
Apache Software Foundation
--------------------------
Gentoo Linux建议升级到mode_php 4.3.4-r4版本：

执行如下命令：