Информационная безопасность
[RU] switch to English


Многочисленные DoS-условия в PHP
Опубликовано:20 ноября 2007 г.
Источник:
SecurityVulns ID:8362
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные условия отказа в обслуживании.
Затронутые продукты:PHP : PHP 5.2
CVE:CVE-2007-5900
 CVE-2007-5899
 CVE-2007-5898
 CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.)
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.)
 CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.)
Оригинальный текстdocumentRPATH, rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl (20.11.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород