OSVDB ID: 84279

Title: PHP on Apache php_default_post_reader POST Request Handling Overflow DoS

Info

Dates

Disclosure: Mar 26, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

PHP on Apache is prone to an overflow condition. The issue is triggered when a POST request that exceeds post_max_size is handled by the php_default_post_reader function. The resulting overflow allows an attacker to cause a denial of service.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the CVS/GIT repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

Products

The PHP Group

PHP

5.2.1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84279