Description

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Remediation

References

CVE-2008-3660

Related Vulnerabilities

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

WordPress Plugin VikRentCar Car Rental Management System Cross-Site Request Forgery (1.1.6)

WordPress Plugin Easy Registration Forms Cross-Site Scripting (2.1.1)

Oracle Application Server Other Vulnerability (CVE-2005-3452)

WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6)

Severity

Medium

Classification

CVE-2008-3660 CWE-20

Tags

Missing Update Known Vulnerabilities