Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-4017

Опубликовано: 24 нояб. 2009
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия до 5.2.12 (исключая)
cpe:2.3:a:php:php:5.3.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:rc4:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01304
Низкий

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2009-4017

ubuntu
больше 15 лет назад

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

redhat логотип

CVE-2009-4017

redhat
больше 15 лет назад

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

debian логотип

CVE-2009-4017

debian
больше 15 лет назад

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...

github логотип

GHSA-79rp-c2fh-g5j7

github
около 3 лет назад

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

oracle-oval логотип

ELSA-2010-0040

oracle-oval
больше 15 лет назад

ELSA-2010-0040: php security update (MODERATE)

EPSS

Процентиль: 79%
0.01304
Низкий

5 Medium

CVSS2

Дефекты

CWE-770