Description

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Remediation

References

CVE-2015-4024

Related Vulnerabilities

Apache Tomcat Session Fixation Vulnerability (CVE-2019-17563)

Oracle Application Server CVE-2008-4014 Vulnerability (CVE-2008-4014)

WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6)

MediaWiki Improper Privilege Management Vulnerability (CVE-2021-44857)

Severity

Medium

Classification

CVE-2015-4024

Tags

Missing Update Known Vulnerabilities