Description
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.