Denial Of Service (DoS)

2019-01-1509:06:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

php is vulnerable to denial of service. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP’s FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.

CPENameOperatorVersion
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.40__1.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php54-phpeq5.4.16__22.el6
php55-phpeq5.5.6__13.el6
php55-phpeq5.5.6__10.el6
php55-phpeq5.5.21__2.el6
rh-php56-phpeq5.6.5__5.el6
phpeq5.3.3__23.el6_4

Name	Operator	Version
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.40__1.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php54-php	eq	5.4.16__22.el6
php55-php	eq	5.5.6__13.el6
php55-php	eq	5.5.6__10.el6
php55-php	eq	5.5.21__2.el6
rh-php56-php	eq	5.6.5__5.el6
php	eq	5.3.3__23.el6_4