SecuritySpace - CVE-2013-3735

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2013-3735

Description: ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web- hosting environment. NOTE: the vendor's http://php.net/security- note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-3735
https://bugs.php.net/bug.php?id=64660

CVE ID:	CVE-2013-3735
Description:	DISPUTED The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web- hosting environment. NOTE: the vendor's http://php.net/security- note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3735 https://bugs.php.net/bug.php?id=64660