CVE-2009-4017

Published: Nov 24, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

oval:org.mitre.oval:def:6667 (vdb-entry, signature, x_refsource_OVAL)
37482 (third-party-advisory, x_refsource_SECUNIA)
40262 (third-party-advisory, x_refsource_SECUNIA)
HPSBUX02543 (vendor-advisory, x_refsource_HP)
MDVSA-2009:305 (vendor-advisory, x_refsource_MANDRIVA)
37821 (third-party-advisory, x_refsource_SECUNIA)
APPLE-SA-2010-03-29-1 (vendor-advisory, x_refsource_APPLE)
41490 (third-party-advisory, x_refsource_SECUNIA)
HPSBMA02568 (vendor-advisory, x_refsource_HP)
DSA-1940 (vendor-advisory, x_refsource_DEBIAN)
ADV-2009-3593 (vdb-entry, x_refsource_VUPEN)
oval:org.mitre.oval:def:10483 (vdb-entry, signature, x_refsource_OVAL)
SSRT100219 (vendor-advisory, x_refsource_HP)
41480 (third-party-advisory, x_refsource_SECUNIA)
SSRT100152 (vendor-advisory, x_refsource_HP)
MDVSA-2009:303 (vendor-advisory, x_refsource_MANDRIVA)
php-multipart-formdata-dos(54455) (vdb-entry, x_refsource_XF)
