PHP Pdo_sql_parser.re 'PDO' Extension DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.14 or 5.4.4 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the PDO extension in pdo_sql_parser.re file, which fails to determine the end of the query string during parsing of prepared statements.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows

References

http://seclists.org/bugtraq/2012/Jun/60
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3450

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Linux
Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Mac OS X)
Wireshark SMB dissector Denial of Service Vulnerability (Windows)

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)

Take action and discover your vulnerabilities