CVE-2009-4017
CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/10242unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://marc.info/?l=bugtraq&m=127680701405735&w=2http://news.php.net/php.announce/79http://seclists.org/fulldisclosure/2009/Nov/228http://secunia.com/advisories/37482http://secunia.com/advisories/37821http://secunia.com/advisories/40262http://secunia.com/advisories/41480http://secunia.com/advisories/41490https://exchange.xforce.ibmcloud.com/vulnerabilities/54455https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667