Описание
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.3.10-1ubuntu1 |
| hardy | released | 5.2.4-2ubuntu5.22 |
| lucid | released | 5.3.2-1ubuntu4.13 |
| maverick | released | 5.3.3-1ubuntu9.9 |
| natty | released | 5.3.5-1ubuntu7.6 |
| oneiric | released | 5.3.6-13ubuntu3.5 |
| upstream | released | 5.3.9 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
The PDORow implementation in PHP before 5.3.9 does not properly intera ...
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Уязвимость реализации PDORow интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2