PHP expose_php Information Disclosure
Medium Nessus Plugin ID 46803
SynopsisThe configuration of PHP on the remote host allows disclosure of sensitive information.
DescriptionThe PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such a URL triggers an Easter egg built into PHP itself.
Other such Easter eggs likely exist, but Nessus has not checked for them.
SolutionIn the PHP configuration file, php.ini, set the value for 'expose_php' to 'Off' to disable this behavior. Restart the web server daemon to put this change into effect.