Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23982

HistoryApr 10, 2020 - 12:42 a.m.

Cross-Site Scripting (XSS)

2020-04-1000:42:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

php is vulnerable to denial of service. It was discovered that PHP did not limit the maximum number of files that can be uploaded in one request. A remote attacker could use this flaw to instigate a denial of service by causing the PHP interpreter to use lots of system resources dealing with requests containing large amounts of files to be uploaded. This vulnerability depends on file uploads being enabled (which it is, in the default PHP configuration).

CPENameOperatorVersion
phpeq5.1.6__7.el5
phpeq5.1.6__11.el5
phpeq5.1.6__20.el5_2.1
phpeq5.1.6__12.el5
phpeq5.1.6__20.el5
phpeq5.1.6__23.2.el5_3
phpeq5.1.6__15.el5
phpeq5.1.6__23.el5
phpeq5.1.6__5.el5
phpeq5.1.6__7.el5

Rows per page:

1-10 of 181

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

marc.info/?l=bugtraq&m=127680701405735&w=2

news.php.net/php.announce/79

seclists.org/fulldisclosure/2009/Nov/228

secunia.com/advisories/37482

secunia.com/advisories/37821

secunia.com/advisories/40262

secunia.com/advisories/41480

secunia.com/advisories/41490

support.apple.com/kb/HT4077

www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/

www.debian.org/security/2009/dsa-1940

www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

www.mandriva.com/security/advisories?name=MDVSA-2009:303

www.mandriva.com/security/advisories?name=MDVSA-2009:305

www.openwall.com/lists/oss-security/2009/11/20/2

www.openwall.com/lists/oss-security/2009/11/20/7

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_12.php

www.php.net/releases/5_3_1.php

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/archive/1/507982/100/0/threaded

www.vupen.com/english/advisories/2009/3593

access.redhat.com/errata/RHSA-2010:0040

exchange.xforce.ibmcloud.com/vulnerabilities/54455

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:23982

prion1 openvas37 f54 ubuntucve1 cve1 fedora2 nessus25 securityvulns2 freebsd1 slackware1 redhat1 oraclelinux1 centos1 ubuntu1 gentoo1 threatpost1