PHP expose_php Information Disclosure

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The configuration of PHP on the remote host allows disclosure of
sensitive information.

Description :

The PHP install on the remote server is configured in a way that
allows disclosure of potentially sensitive information to an attacker
through a special URL. Such a URL triggers an Easter egg built into
PHP itself.

Other such Easter eggs likely exist, but Nessus has not checked for

See also :

Solution :

In the PHP configuration file, php.ini, set the value for
'expose_php' to 'Off' to disable this behavior. Restart the web
server daemon to put this change into effect.
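To confirm the setting on a host, the effective value can be read from the php.ini text itself. The following is an added example, not part of the Nessus plugin; the function names and sample files are constructed, and it assumes the last `expose_php` assignment in the file wins, that the directive defaults to On when absent, and that additional scanned .ini files and `[PATH=]`/`[HOST=]` sections are out of scope.

```python
import re

# Directive names in php.ini are case-sensitive; values are not.
_ASSIGN = re.compile(r"^\s*expose_php\s*=\s*(.*)$")


def _ini_bool(value: str) -> bool:
    """Interpret an INI value as a boolean (assumed to mirror PHP's handling:
    on/yes/true are true, otherwise a leading non-zero integer is true)."""
    v = value.strip().strip("\"'").lower()
    if v in ("on", "yes", "true"):
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0


def audit_expose_php(ini_text: str):
    """Return (enabled, line_number) for one php.ini's text.

    line_number is the 1-based line of the assignment that decided the
    result, or None when the directive is absent and the default applies.
    """
    enabled, decided_at = True, None  # assumed default: On
    for lineno, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.split(";", 1)[0]  # ';' starts a comment
        m = _ASSIGN.match(line)
        if m:
            enabled, decided_at = _ini_bool(m.group(1)), lineno
    return enabled, decided_at


# Constructed sample: the directive is only present as a comment.
SAMPLE_DEFAULT = """[PHP]
; expose_php = Off
engine = On
"""

# Constructed sample: a later assignment overrides an earlier one.
SAMPLE_HARDENED = """[PHP]
expose_php = On
expose_php = "Off"   ; hardened
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        enabled, line = audit_expose_php(text)
        state = "FINDING: expose_php is On" if enabled else "OK: expose_php is Off"
        print(f"{name}: {state} (decided at line {line})")
```

A commented-out `expose_php = Off` line is a common reason the finding persists after an edit, which is why the first sample still reports On.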

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Web Servers

Nessus Plugin ID: 46803

Bugtraq ID:

