CVE-2004-0263

Apache HTTP Server - Information Disclosure via PHP Global Variable Leak

Title source: llm
STIX 2.1

Description

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/3878
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9599
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15072
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200402-01.xml

Scores

EPSS 0.0348
EPSS Percentile 87.8%

Details

Status published
Products (49)
apache/http_server 1.0
apache/http_server 1.0.2
apache/http_server 1.0.3
apache/http_server 1.0.5
apache/http_server 1.1
apache/http_server 1.1.1
apache/http_server 1.2
apache/http_server 1.2.5
apache/http_server 1.3
apache/http_server 1.3.1
... and 39 more
Published Nov 23, 2004
Tracked Since Feb 18, 2026