PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to PHP Version 5.4.3 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the 'apache_request_headers()' function, which can be exploited to cause a denial of service via a long string in the header of an HTTP request.

Affected

PHP Version 5.4.x before 5.4.3 on Windows

References

http://secunia.com/advisories/49014
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.securityfocus.com/bid/53455
https://bugs.php.net/bug.php?id=61807
https://bugzilla.redhat.com/show_bug.cgi?id=820000

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2329
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Simple Web Server Connection Header Buffer Overflow Vulnerability
FileZilla Server Buffer Overflow Vulnerability
Monkey HTTPD Host Header Buffer Overflow Vulnerability
Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
UnrealIRCd User Authentication Buffer Overflow Vulnerability

Take action and discover your vulnerabilities