PHP HTTP POST incorrect MIME header parsing vulnerability

PHP HTTP POST incorrect MIME header parsing vulnerability

Published on 2004-03-27. Updated on 2007-03-20.

Description:

A vulnerability has been reported for PHP versions 4.2.0 and 4.2.1.The vulnerability is the result of the PHP interpreter incorrectly parsing MIME headers when HTTP POST commands are received. When PHP receives a malformed POST request, it generates an error condition that is improperly handled. As a result, the attacker may cause the web server to crash and possibly execute supplied code.

Affected PHP versions (4.2.0, 4.2.1).

Impact:
Possible code execution.

Recommendation:
Upgrade PHP to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : PHP
ApplicableOS: All
ApplicableWebServer: All

References:

BID 5278

PHP Homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking