PT-2002-1739 · PHP · PHP
Published: 2002-07-23 · Updated: 2016-10-18 · CVE-2002-0717
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP versions 4.2.0 through 4.2.1
Description
The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form. This is due to the PHP interpreter incorrectly parsing MIME headers when HTTP POST commands are received, generating an error condition that is not properly handled. As a result, an attacker may cause the web server to crash and possibly execute supplied code.
Recommendations
For PHP version 4.2.0, update to a version that properly handles error conditions generated by malformed POST requests.
For PHP version 4.2.1, update to a version that correctly parses MIME headers in HTTP POST commands to prevent improper memory freeing.
Related Identifiers
Affected Products
PHP