Summary
This host is running PHP and is prone to stack consumption vulnerability
Impact
Successful exploitation could allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
Impact Level: Network
Solution
Upgrade to PHP version 5.5.9 or later,
For updates refer to http://www.php.net/downloads.php
Insight
- The flaw exists due to error in 'filter_var()' function, when FILTER_VALIDATE_EMAIL mode is used while processing the long e-mail address string.
- A NULL pointer dereference vulnerability is exists in 'ZipArchive::getArchiveComment'.
Affected
PHP version 5.2 through 5.2.14 and 5.3 through 5.3.3
References
Severity
Classification
-
CVE CVE-2010-3709, CVE-2010-3710 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities