ID CVE-2009-4017
Summary PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 19:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:06:02.748-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    family unix
    id oval:org.mitre.oval:def:10483
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    version 30
  • accepted 2015-04-20T04:02:32.498-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    family unix
    id oval:org.mitre.oval:def:6667
    status accepted
    submitted 2010-10-25T11:50:46.000-05:00
    title HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
    version 48
redhat via4
rpms
  • php-0:4.3.2-54.ent
  • php-0:4.3.9-3.29
  • php-0:5.1.6-24.el5_4.5
  • php-bcmath-0:5.1.6-24.el5_4.5
  • php-cli-0:5.1.6-24.el5_4.5
  • php-common-0:5.1.6-24.el5_4.5
  • php-dba-0:5.1.6-24.el5_4.5
  • php-debuginfo-0:4.3.2-54.ent
  • php-debuginfo-0:4.3.9-3.29
  • php-debuginfo-0:5.1.6-24.el5_4.5
  • php-devel-0:4.3.2-54.ent
  • php-devel-0:4.3.9-3.29
  • php-devel-0:5.1.6-24.el5_4.5
  • php-domxml-0:4.3.9-3.29
  • php-gd-0:4.3.9-3.29
  • php-gd-0:5.1.6-24.el5_4.5
  • php-imap-0:4.3.2-54.ent
  • php-imap-0:4.3.9-3.29
  • php-imap-0:5.1.6-24.el5_4.5
  • php-ldap-0:4.3.2-54.ent
  • php-ldap-0:4.3.9-3.29
  • php-ldap-0:5.1.6-24.el5_4.5
  • php-mbstring-0:4.3.9-3.29
  • php-mbstring-0:5.1.6-24.el5_4.5
  • php-mysql-0:4.3.2-54.ent
  • php-mysql-0:4.3.9-3.29
  • php-mysql-0:5.1.6-24.el5_4.5
  • php-ncurses-0:4.3.9-3.29
  • php-ncurses-0:5.1.6-24.el5_4.5
  • php-odbc-0:4.3.2-54.ent
  • php-odbc-0:4.3.9-3.29
  • php-odbc-0:5.1.6-24.el5_4.5
  • php-pdo-0:5.1.6-24.el5_4.5
  • php-pear-0:4.3.9-3.29
  • php-pgsql-0:4.3.2-54.ent
  • php-pgsql-0:4.3.9-3.29
  • php-pgsql-0:5.1.6-24.el5_4.5
  • php-snmp-0:4.3.9-3.29
  • php-snmp-0:5.1.6-24.el5_4.5
  • php-soap-0:5.1.6-24.el5_4.5
  • php-xml-0:5.1.6-24.el5_4.5
  • php-xmlrpc-0:4.3.9-3.29
  • php-xmlrpc-0:5.1.6-24.el5_4.5
refmap via4
apple APPLE-SA-2010-03-29-1
bugtraq 20091120 PHP "multipart/form-data" denial of service
confirm
debian DSA-1940
fulldisc 20091120 PHP "multipart/form-data" denial of service
hp
  • HPSBMA02568
  • HPSBUX02543
  • SSRT100152
  • SSRT100219
mandriva
  • MDVSA-2009:303
  • MDVSA-2009:305
misc http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
mlist
  • [oss-security] 20091120 CVE request: php 5.3.1 update
  • [oss-security] 20091120 Re: CVE request: php 5.3.1 update
  • [php-announce] 20091119 5.3.1 Release announcement
secunia
  • 37482
  • 37821
  • 40262
  • 41480
  • 41490
vupen ADV-2009-3593
xf php-multipart-formdata-dos(54455)
Last major update 10-10-2018 - 19:48
Published 24-11-2009 - 00:30
Last modified 10-10-2018 - 19:48
Back to Top