PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to PHP Version 5.4.3 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the 'apache_request_headers()' function, which can be exploited to cause a denial of service via a long string in the header of an HTTP request.

Affected

PHP Version 5.4.x before 5.4.3 on Windows

References

http://secunia.com/advisories/49014
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.securityfocus.com/bid/53455
https://bugs.php.net/bug.php?id=61807
https://bugzilla.redhat.com/show_bug.cgi?id=820000

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2329

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
Pango Integer Buffer Overflow Vulnerability
KMPlayer '.mp3' File Remote Buffer Overflow Vulnerability
ImageMagick Multiple Denial of Service Vulnerabilities - 01 June13 (Windows)
VLC Media Player Stack Overflow Vulnerability (Lin-Mar09)

Take action and discover your vulnerabilities