19 matches found
Denial Of Service (DoS)
PHP is vulnerable to denial of service (DoS). The vulnerability exists as it was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large...
Amazon Linux AMI : php (ALAS-2012-37)
It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...
Scientific Linux Security Update : php on SL4.x i386/x86_64 (20120130)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...
Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...
CentOS Update for php CESA-2012:0019 centos6
The remote host is missing an update for the...
PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
The remote host is running a version of PHP that is affected by an arbitrary code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability CVE-2011-4885 introduces a remote code execution vulnerability in the function 'php_register_variable_ex' in the fil...
Debian: Security Advisory (DSA-2403-1)
The remote host is missing an update for the Debian...
PHP < 5.3.10 php_register_variable_ex() RCE
Binary data 6304.prm...
Debian DSA-2403-2 : php5 - code injection
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
According to its banner, the version of PHP installed on the remote host is 5.3.9. This version reportedly is affected by a code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability CVE-2011-4885 itself has introduced a remote code execution...
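PHP "php_register_variable_ex()" Function Arbitrary Code Execution Vulnerability (CVE-2012-0830)
CVE-2012-0830 PHP is a popular programming language. The patch that PHP provided in December for the hash collision denial of service CVE-2011-4885 (http://sebug.net/vuldb/ssvid-30001) introduced another serious security vulnerability. The patch to prevent hash collisions introduced a new configuration property in php.ini: max_input_vars. This configuration element limits the number of variables used in a request, such as http://request.com/foo.php?a=1&b=2&c=3, and defaults to 1000...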
DSA-2403-1 php5 - code injection
Bulletin has no description...
Fedora 15 : maniadrive-1.2-32.fc15.1 / php-5.3.9-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.1 (2012-0420)
Security Enhancements and Fixes in PHP 5.3.9: - Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) - Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566) Full upstream changelog: http://www.php.net/ChangeLog-5.php#5.3.9 No...
Medium: php
Issue Overview: It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been...
php security update
CentOS Errata and Security Advisory CESA-2012:0033 Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
FreeBSD : php -- multiple vulnerabilities (d3921810-3c80-11e1-97e8-00215c6a37bb)
php development team reports: Security Enhancements and Fixes in PHP 5.3.9: - Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) - Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
PHP 5.3.9 Released
Changelog. The first item in the list is this: Quote: Added max_input_vars directive to prevent attacks based on hash collisions. ---...
php -- multiple vulnerabilities
php development team reports: Security Enhancements and Fixes in PHP 5.3.9: Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)...