PHP Pdo_sql_parser.re 'PDO' Extension DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.14 or 5.4.4 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the PDO extension in pdo_sql_parser.re file, which fails to determine the end of the query string during parsing of prepared statements.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows

References

http://seclists.org/bugtraq/2012/Jun/60
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3450

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
Wireshark IKE Packet Denial of Service Vulnerability (Win)
Trend Micro OfficeScan Client Denial Of Service Vulnerability
WinFTP Server PASV Command Denial of Service Vulnerability
Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Windows)

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)

Take action and discover your vulnerabilities