PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to PHP Version 5.4.3 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the 'apache_request_headers()' function, which can be exploited to cause a denial of service via a long string in the header of an HTTP request.

Affected

PHP Version 5.4.x before 5.4.3 on Windows

References

http://secunia.com/advisories/49014
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.securityfocus.com/bid/53455
https://bugs.php.net/bug.php?id=61807
https://bugzilla.redhat.com/show_bug.cgi?id=820000

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2329

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

IrfanView Integer Overflow Vulnerability
Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities
Tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability
IrfanView Buffer Overflow Vulnerabilities
INN buffer overflow

Take action and discover your vulnerabilities