
I scanned my website with TrustWave for PCI compliance and found this error:

Apache HTTP Server mod_session_dbd Session ID Reuse Vulnerability

My website runs on Apache Server 2.4.4 (on XAMPP) on Windows Server 2008 R2 Enterprise.

The following link is a patch that fixes this issue, but I cannot find the location of the file to edit:

 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h

As recommended by http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2249

Can anyone guide me?

Regards!


1 Answer


This vulnerability is in the latest version of Apache, so there is nothing to upgrade.

If you have installed this version of Apache on Red Hat Enterprise (version 4, 5 or 6), you are not affected.

If not:

This vulnerability is about session_start(); $_session(); when the session_id is set by PHP, there is no session_expired that renews the session_id.

Solution:

Don't use this module session_start(); and wait for the new update of Apache. That's all, and there is nothing to worry about.

Answered 2013-11-19T13:11:53.267
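
The scan finding in the question names mod_session_dbd, so a useful first check on the server is whether that module is loaded at all. The following is an added example, not part of the original question or answer: it walks an Apache configuration, follows `Include` lines, and reports every active `LoadModule` for `session_dbd_module`. The config tree built in `demo()` is constructed sample data, and the server root and `conf/httpd.conf` path are assumptions to adjust for a real install.

```python
import re
import tempfile
from pathlib import Path

MODULE_ID = "session_dbd_module"  # LoadModule identifier of mod_session_dbd
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.I)
INCLUDE = re.compile(r"^\s*Include(?:Optional)?\s+(.+?)\s*$", re.I)

def find_loadmodule(conf, server_root, module_id=MODULE_ID, seen=None):
    """Return (file name, line number, module file) for each active LoadModule."""
    seen = set() if seen is None else seen
    path = (Path(server_root) / conf).resolve()
    if path in seen or not path.is_file():
        return []  # already visited, or a directory / missing Include target
    seen.add(path)
    hits = []
    for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        load, inc = LOADMODULE.match(line), INCLUDE.match(line)
        if load and load.group(1) == module_id:
            hits.append((path.name, no, load.group(2)))
        elif inc:
            target = Path(server_root) / inc.group(1).strip('"')
            # Only wildcards in the file-name part are expanded here.
            for child in sorted(target.parent.glob(target.name)):
                hits += find_loadmodule(child, server_root, module_id, seen)
    return hits

def demo():
    """Run the check over a constructed config tree (not a real XAMPP install)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf" / "extra").mkdir(parents=True)
        (root / "conf" / "httpd.conf").write_text(
            "#LoadModule session_dbd_module modules/mod_session_dbd.so\n"
            "LoadModule session_module modules/mod_session.so\n"
            'Include "conf/extra/*.conf"\n')
        (root / "conf" / "extra" / "sessions.conf").write_text(
            "# constructed sample\n"
            "LoadModule session_dbd_module modules/mod_session_dbd.so\n")
        return find_loadmodule("conf/httpd.conf", root)

if __name__ == "__main__":
    for name, no, so in demo():
        print(f"{name}:{no}: mod_session_dbd loaded from {so}")
```

An empty result means no active `LoadModule` line for the module was found in the files that were read; Include targets that are directories are not descended into by this sketch.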