3 matches found
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Summary: Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the...
MGASA-2020-0387 Updated php packages fix a security vulnerability
In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure...
Fedora Core 6 : php-5.1.6-3.1.fc6 (2006-1169)
This update fixes a security vulnerability in PHP. The Hardened-PHP Project discovered an overflow in the PHP htmlentities and htmlspecialchars routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the...