CVSS2 score: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PHP is vulnerable to denial of service. It was discovered that PHP did not limit the maximum number of files that can be uploaded in one request. A remote attacker could use this flaw to cause a denial of service by making the PHP interpreter consume large amounts of system resources while handling requests that contain a large number of files to be uploaded. This vulnerability depends on file uploads being enabled (which they are in the default PHP configuration).

CPE

Name | Operator | Version |
---|---|---|
php | eq | 5.1.6__7.el5 |
php | eq | 5.1.6__11.el5 |
php | eq | 5.1.6__20.el5_2.1 |
php | eq | 5.1.6__12.el5 |
php | eq | 5.1.6__20.el5 |
php | eq | 5.1.6__23.2.el5_3 |
php | eq | 5.1.6__15.el5 |
php | eq | 5.1.6__23.el5 |
php | eq | 5.1.6__5.el5 |
php | eq | 5.1.6__7.el5 |

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
marc.info/?l=bugtraq&m=127680701405735&w=2
news.php.net/php.announce/79
seclists.org/fulldisclosure/2009/Nov/228
secunia.com/advisories/37482
secunia.com/advisories/37821
secunia.com/advisories/40262
secunia.com/advisories/41480
secunia.com/advisories/41490
support.apple.com/kb/HT4077
www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
www.debian.org/security/2009/dsa-1940
www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
www.mandriva.com/security/advisories?name=MDVSA-2009:303
www.mandriva.com/security/advisories?name=MDVSA-2009:305
www.openwall.com/lists/oss-security/2009/11/20/2
www.openwall.com/lists/oss-security/2009/11/20/7
www.php.net/ChangeLog-5.php
www.php.net/releases/5_2_12.php
www.php.net/releases/5_3_1.php
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/archive/1/507982/100/0/threaded
www.vupen.com/english/advisories/2009/3593
access.redhat.com/errata/RHSA-2010:0040
exchange.xforce.ibmcloud.com/vulnerabilities/54455
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667