PHP Built-in WebServer 'Content-Length' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running PHP Built-in WebServer and is prone to denial of service vulnerability.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial-of-service condition. Impact Level: Application NOTE: This NVT reports, If similar vulnerability present in different web-server.

Solution

Upgrade to PHP 5.4.1RC1-DEV or 5.5.0-DEV or later. For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error when processing HTTP request with a large 'Content-Length' header value and can be exploited to cause a denial of service via a specially crafted packet.

Affected

PHP version 5.4.0

References

http://packetstormsecurity.org/files/111163/PHP-5.4.0-Denial-Of-Service.html
http://www.exploit-db.com/exploits/18665
http://www.securityfocus.com/bid/52704
http://xforce.iss.net/xforce/xfdb/74317
https://bugs.php.net/bug.php?id=61461

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
Null HTTPd Server Content-Length HTTP Header Buffer overflow Vulnerability
CERN httpd CGI name heap overflow
IIS directory traversal
Mongoose Web Server Remote Buffer Overflow Vulnerability

PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability

Take action and discover your vulnerabilities