Description

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Remediation

References

CVE-2008-3660

Related Vulnerabilities

Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-43808)

Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42120)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-4625)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2)

WordPress Plugin Starbox-the Author Box for Humans Cross-Site Scripting (3.0.8)

Severity

Medium

Classification

CVE-2008-3660 CWE-20

Tags

Missing Update Known Vulnerabilities