Description

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.

Remediation

References

CVE-2009-4418

Related Vulnerabilities

MySQL CVE-2018-3285 Vulnerability (CVE-2018-3285)

Atlassian Jira Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-29453)

Oracle Application Server Other Vulnerability (CVE-2007-0283)

Joomla! Core 1.5.x Arbitrary File Upload (1.5.0 - 1.5.15)

WordPress Plugin WP Symposium A Social Network For WordPress Multiple SQL Injection Vulnerabilities (12.06.16)

Severity

Medium

Classification

CVE-2009-4418

Tags

Missing Update Known Vulnerabilities