PHP Pdo_sql_parser.re 'PDO' Extension DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.14 or 5.4.4 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the PDO extension in pdo_sql_parser.re file, which fails to determine the end of the query string during parsing of prepared statements.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows

References

http://seclists.org/bugtraq/2012/Jun/60
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3450
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Windows)
Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Linux)
Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
TYPSoft FTP 1.10
PHP 'mbstring.func_overload' DoS Vulnerability

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)

Take action and discover your vulnerabilities