PHP Multiple Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation could allow remote attackers to cause denial of service conditions. Impact Level: Application

Solution

Upgrade to PHP version 5.4.0 or later, For updates refer to http://php.net/downloads.php

Insight

Multiple flaws are due to - An error in application which makes calls to the 'zend_strndup()' function without checking the returned values. A local user can run specially crafted PHP code to trigger a null pointer dereference in zend_strndup() and cause the target service to crash. - An error in 'tidy_diagnose' function, which might allows remote attackers to cause a denial of service via crafted input.

Affected

PHP Version 5.3.8 on Windows.

References

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://cxsecurity.com/research/103
http://securitytracker.com/id/1026524
http://www.exploit-db.com/exploits/18370/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4153, CVE-2012-0781
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
CUPS Empty UDP Datagram DoS Vulnerability
Denial Of Service Vulnerability in PHP April-09
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)

PHP Multiple Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities