Description
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Remediation
References
Related Vulnerabilities
WordPress Plugin BrewMaster Multiple Cross-Site Scripting Vulnerabilities (1.0)
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12)
WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)