Description

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Remediation

References

CVE-2008-3660

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Multiple Vulnerabilities (5.5.3)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.6)

WordPress Plugin VideoWhisper Video Presentation Arbitrary File Upload (3.31.17)

Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)

Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)

Severity

Medium

Classification

CVE-2008-3660 CWE-20

Tags

Missing Update Known Vulnerabilities