Family: Denial of Service --> Category: infos
PHP Image File Format Denial Of Service Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for image file format denial of service vulnerabilities in PHP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is prone to denial of service attacks.
Description :
According to its banner, the version of PHP installed on the remote
host is vulnerable to a denial of service attack because it fails to
properly validate file data in the routines 'php_handle_iff' and
'php_handle_jpeg', which are called by the PHP function
'getimagesize'. Using a specially crafted image file, an attacker can
trigger an infinite loop when 'getimagesize' is called, perhaps even
remotely if image uploads are allowed.
See also :
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=222
http://www.securityfocus.com/archive/1/394797
http://www.php.net/release_4_3_11.php
Solution :
Upgrade to PHP 4.3.11 / 5.0.4 or later.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:N/A:C/I:N/B:N)