PT-2009-6201 · Php+2

Bogdan Calin · Published 2009-11-23 · Updated 2024-02-15 · CVE-2009-4017

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
PHP versions prior to 5.2.12
PHP versions 5.3.x prior to 5.3.1

Description
The issue allows remote attackers to cause a denial of service through resource exhaustion by creating multiple temporary files when PHP handles a multipart/form-data POST request. It also makes it easier for remote attackers to exploit local file inclusion vulnerabilities via multiple requests. Both effects are related to the lack of support for the max_file_uploads directive.

Recommendations
For PHP versions prior to 5.2.12, update to version 5.2.12 or later.
For PHP versions 5.3.x prior to 5.3.1, update to version 5.3.1 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2009-4017
DSA-1940-1
HPSBUX02543
RHSA-2010:0040
RHSA-2010_0040

Affected Products

Hp-Ux
Php
Red Hat