PT-2009-6201 · Php+2

Bogdan Calin · Published 2009-11-23 · Updated 2024-02-15 · CVE-2009-4017

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.2.12
PHP versions 5.3.x prior to 5.3.1

Description

The issue allows remote attackers to cause a denial of service through resource exhaustion by creating multiple temporary files when PHP handles a multipart/form-data POST request. It also makes it easier for remote attackers to exploit local file inclusion vulnerabilities via multiple requests. Both effects are related to the lack of support for the max_file_uploads directive.

Recommendations

For PHP versions prior to 5.2.12, update to version 5.2.12 or later.
For PHP versions 5.3.x prior to 5.3.1, update to version 5.3.1 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2009-4017
DSA-1940-1
HPSBUX02543
RHSA-2010:0040
RHSA-2010_0040

Affected Products

Hp-Ux
Php
Red Hat