Description

This alert was generated using only banner information. It may be a false positive.

A vulnerability has been reported for PHP versions 4.2.0 and 4.2.1.The vulnerability is the result of the PHP interpreter incorrectly parsing MIME headers when HTTP POST commands are received. When PHP receives a malformed POST request, it generates an error condition that is improperly handled. As a result, the attacker may cause the web server to crash and possibly execute supplied code.

Affected PHP versions (4.2.0, 4.2.1).

Remediation

Upgrade PHP to the latest version.

References

BID 5278

PHP Homepage

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2020-25097)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3)

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0145)

Oracle Database Server CVE-2010-0900 Vulnerability (CVE-2010-0900)

Severity

Medium

Classification

CVE-2002-0717 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Denial Of Service Missing Update Code Execution