PHP Pdo_sql_parser.re 'PDO' Extension DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.14 or 5.4.4 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the PDO extension in pdo_sql_parser.re file, which fails to determine the end of the query string during parsing of prepared statements.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows

References

http://seclists.org/bugtraq/2012/Jun/60
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3450

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark IKE Packet Denial of Service Vulnerability (Win)
Perl Denial of Service Vulnerability Jan 2015 (Windows)
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
ZNC NULL Pointer Dereference Denial Of Service Vulnerability
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Linux

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)

Take action and discover your vulnerabilities