Lucene search

K
nvd[email protected]NVD:CVE-2009-4017
HistoryNov 24, 2009 - 12:30 a.m.

CVE-2009-4017

2009-11-2400:30:00
CWE-770
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.054

Percentile

93.2%

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Affected configurations

Nvd
Node
phpphpRange<5.2.12
OR
phpphpMatch5.3.0-
OR
phpphpMatch5.3.0alpha1
OR
phpphpMatch5.3.0alpha2
OR
phpphpMatch5.3.0alpha3
OR
phpphpMatch5.3.0beta1
OR
phpphpMatch5.3.0rc1
OR
phpphpMatch5.3.0rc2
OR
phpphpMatch5.3.0rc3
OR
phpphpMatch5.3.0rc4
Node
applemac_os_xMatch10.6.3
OR
debiandebian_linuxMatch4.0
OR
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:-:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:alpha1:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:alpha2:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:alpha3:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:beta1:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:rc1:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:rc2:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:rc3:*:*:*:*:*:*
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:rc4:*:*:*:*:*:*
Rows per page:
1-10 of 141

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.054

Percentile

93.2%