5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
php7 is vulnerable to denial of service. When HTTP file uploads are allowed, overly long filenames or field names could cause the engine to allocate oversized memory storage and stop further processes when the memory limit is hit. This results in the accumulation of uncleaned temporary files exhausting the disk space on the target server.
lists.opensuse.org/opensuse-security-announce/2020-06/msg00045.html
bugs.php.net/bug.php?id=78875
bugs.php.net/bug.php?id=78876
lists.debian.org/debian-lts-announce/2020/06/msg00033.html
lists.fedoraproject.org/archives/list/[email protected]/message/OBA3TFZSP3TB5N4G24SO6BI64RJZXE3D/
lists.fedoraproject.org/archives/list/[email protected]/message/XMDUQ7XFONY3BWTAQQUD3QUGZT6NFZUF/
security.netapp.com/advisory/ntap-20200528-0006/
usn.ubuntu.com/4375-1/
www.debian.org/security/2020/dsa-4717
www.debian.org/security/2020/dsa-4719
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2020.html
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P