Denial of Service : PHP 'mbstring.func_overload' DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800373

Categoría: Denial of Service

Título: PHP 'mbstring.func_overload' DoS Vulnerability

Resumen: PHP is prone to a denial of service vulnerability.

Descripción: Summary:
PHP is prone to a denial of service vulnerability.

Vulnerability Insight:
This bug is due to an error in 'mbstring.func_overload' setting in .htaccess
file. It can be exploited via modifying behavior of other sites hosted on
the same web server which causes this setting to be applied to other virtual
hosts on the same server.

Vulnerability Impact:
Successful exploitation will let the local attackers to crash an affected web server.

Affected Software/OS:
PHP version 4.4.4 and prior

PHP 5.1.x to 5.1.6

PHP 5.2.x to 5.2.5

Solution:
Update to version 4.4.5, 5.1.7, 5.2.6 or later.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0754
Debian Security Information: DSA-1789 (Google Search)
http://www.debian.org/security/2009/dsa-1789
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securitytracker.com/id?1021979
http://secunia.com/advisories/34642
http://secunia.com/advisories/34830
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35306
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
https://usn.ubuntu.com/761-1/

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800373
Categoría:	Denial of Service
Título:	PHP 'mbstring.func_overload' DoS Vulnerability
Resumen:	PHP is prone to a denial of service vulnerability.
Descripción:	Summary: PHP is prone to a denial of service vulnerability. Vulnerability Insight: This bug is due to an error in 'mbstring.func_overload' setting in .htaccess file. It can be exploited via modifying behavior of other sites hosted on the same web server which causes this setting to be applied to other virtual hosts on the same server. Vulnerability Impact: Successful exploitation will let the local attackers to crash an affected web server. Affected Software/OS: PHP version 4.4.4 and prior PHP 5.1.x to 5.1.6 PHP 5.2.x to 5.2.5 Solution: Update to version 4.4.5, 5.1.7, 5.2.6 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34642 http://secunia.com/advisories/34830 http://secunia.com/advisories/35003 http://secunia.com/advisories/35007 http://secunia.com/advisories/35306 SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html https://usn.ubuntu.com/761-1/
Copyright	Copyright (C) 2009 Greenbone Networks GmbH