CVE

CVE-2009-4017
Date: (C)2009-11-23   (M)2024-04-19


PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/507982/100/0/threaded
SECUNIA-37482
SECUNIA-37821
SECUNIA-40262
SECUNIA-41480
SECUNIA-41490
ADV-2009-3593
APPLE-SA-2010-03-29-1
DSA-1940
HPSBMA02568
HPSBUX02543
MDVSA-2009:303
MDVSA-2009:305
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/7
http://news.php.net/php.announce/79
http://support.apple.com/kb/HT4077
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
http://www.php.net/releases/5_3_1.php
oval:org.mitre.oval:def:10483
oval:org.mitre.oval:def:6667
php-multipart-formdata-dos(54455)

CWE    1
CWE-770
OVAL    13
oval:org.secpod.oval:def:300962
oval:org.secpod.oval:def:100203
oval:org.secpod.oval:def:100773
oval:org.secpod.oval:def:700393
...

© SecPod Technologies