PHP FastCGI Module File Extension Denial Of Service Vulnerabilities Network Vulnerability

Summary

PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://support.avaya.com/elmodocs2/security/ASA-2009-161.htm
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.php.net
http://www.php.net/ChangeLog-5.php#5.2.8
http://www.securityfocus.com/bid/31612

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3660

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Struts2 'XWork' Information Disclosure Vulnerability
AlienForm CGI script
Advanced Image Hosting Cross Site Scripting Vulnerability
3Com NBX VoIP NetSet Detection
Apache Tomcat Multiple Vulnerabilities June-09

Take action and discover your vulnerabilities