CVE-2003-0249 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks PHP treats unknown methods such as \PoSt\ as a GET request which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods such as Apache httpd 2.0 as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team saying \It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone which is the assumption made in this report.\

Reference

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97