Denial of Service : PHP 'mbstring.func_overload' DoS Vulnerability

Resumen de Precio/Funciones | Ordenar | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad

Búsqueda de Vulnerabilidad		Buscar 61204 Descripciones CVE y 32582 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800373

Categoría: Denial of Service

Título: PHP 'mbstring.func_overload' DoS Vulnerability

Resumen: Check for the version of PHP

Descripción:

Overview:
The host is running PHP and is prone to denial of service vulnerability.

Vulnerability Insight:
This bug is due to an error in 'mbstring.func_overload' setting in .htaccess
file. It can be exploited via modifying behavior of other sites hosted on
the same web server which causes this setting to be applied to other virtual
hosts on the same server.

Impact:
Successful exploitation will let the local attackers to crash an affected web
server.

Impact Level: Application

Affected Software/OS:
PHP version 4.4.4 and prior
PHP 5.1.x to 5.1.6
PHP 5.2.x to 5.2.5

Fix: No solution or patch is available as of 17th March, 2009. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.php.net

References:
http://bugs.php.net/bug.php?id=27421
https://bugzilla.redhat.com/show_bug.cgi?id=479272

Referencia Cruzada: BugTraq ID: 33542
Common Vulnerability Exposure (CVE) ID: CVE-2009-0754
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
Debian Security Information: DSA-1789 (Google Search)
http://www.debian.org/security/2009/dsa-1789
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.redhat.com/support/errata/RHSA-2009-0350.html
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://www.ubuntulinux.org/support/documentation/usn/usn-761-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11035
http://www.securitytracker.com/id?1021979
http://secunia.com/advisories/34642
http://secunia.com/advisories/34830
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35306

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:

Usuario:

Contraseña:

Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.

Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.

Privacidad

Ingreso de Usuario Registrado

Usuario:

Contraseña:

¿Olvidó su usuario o contraseña??

Email/ID de Usario:

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800373
Categoría:	Denial of Service
Título:	PHP 'mbstring.func_overload' DoS Vulnerability
Resumen:	Check for the version of PHP
Descripción:	Overview: The host is running PHP and is prone to denial of service vulnerability. Vulnerability Insight: This bug is due to an error in 'mbstring.func_overload' setting in .htaccess file. It can be exploited via modifying behavior of other sites hosted on the same web server which causes this setting to be applied to other virtual hosts on the same server. Impact: Successful exploitation will let the local attackers to crash an affected web server. Impact Level: Application Affected Software/OS: PHP version 4.4.4 and prior PHP 5.1.x to 5.1.6 PHP 5.2.x to 5.2.5 Fix: No solution or patch is available as of 17th March, 2009. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.php.net References: http://bugs.php.net/bug.php?id=27421 https://bugzilla.redhat.com/show_bug.cgi?id=479272
Referencia Cruzada:	BugTraq ID: 33542 Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://www.redhat.com/support/errata/RHSA-2009-0350.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.ubuntulinux.org/support/documentation/usn/usn-761-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11035 http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34642 http://secunia.com/advisories/34830 http://secunia.com/advisories/35003 http://secunia.com/advisories/35007 http://secunia.com/advisories/35306
Copyright	Copyright (C) 2009 Greenbone Networks GmbH