Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24807
HistoryApr 10, 2020 - 1:06 a.m.

Denial Of Service (DoS)

2020-04-1001:06:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24

EPSS

0.875

Percentile

98.7%

php is vulnerable to denial of service (DoS). The vulnerability exists as it was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.

References