Denial Of Service Vulnerability In PHP April-09 Network Vulnerability

Summary

The host is installed with PHP and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could result in denial of service condition. Impact Level: Application

Solution

Upgrade to PHP version 5.2.9 or above, http://www.php.net/downloads.php Workaround: For workaround refer below link, http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15

Insight

Improper handling of .zip file while doing extraction via php_zip_make_relative_path function in php_zip.c file.

Affected

PHP version prior to 5.2.9

References

http://www.openwall.com/lists/oss-security/2009/04/01/9
http://www.php.net/releases/5_2_9.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1272

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Acrobat PDF File Denial Of Service Vulnerability
Denial of Service (DoS) in Microsoft SMS Client
Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
Compaq Web SSI DoS
Firefox XUL Parsing Denial of Service Vulnerability (Linux)

Denial Of Service Vulnerability in PHP April-09

Take action and discover your vulnerabilities