Denial Of Service Vulnerability In PHP April-09 Network Vulnerability

Summary

The host is installed with PHP and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could result in denial of service condition. Impact Level: Application

Solution

Upgrade to PHP version 5.2.9 or above, http://www.php.net/downloads.php Workaround: For workaround refer below link, http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15

Insight

Improper handling of .zip file while doing extraction via php_zip_make_relative_path function in php_zip.c file.

Affected

PHP version prior to 5.2.9

References

http://www.openwall.com/lists/oss-security/2009/04/01/9
http://www.php.net/releases/5_2_9.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1272
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

chm2pdf Insecure Temporary File Creation or DoS Vulnerability
Denial of Service (DoS) in Microsoft SMS Client
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
avast! AntiVirus Multiple BOF Vulnerabilities (Linux)
CUPS Denial of Service Vulnerability - Jun09

Denial Of Service Vulnerability in PHP April-09

Take action and discover your vulnerabilities