Family: Denial of Service --> Category: infos
PHP Image File Format Denial Of Service Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for image file format denial of service vulnerabilities in PHP
Detailed Explanation for this Vulnerability Test
The remote web server is prone to denial of service attacks.
According to its banner, the version of PHP installed on the remote
host is vulnerable to a denial of service attack due to its failure to
properly validate file data in the routines 'php_handle_iff' and
'php_handle_jpeg', which are called by the PHP function
'getimagesize'. Using a specially crafted image file, an attacker can
trigger an infinite loop when 'getimagesize' is called, possibly even
remotely if image uploads are allowed.
Upgrade to PHP 4.3.11 / 5.0.4 or later.
Risk factor : Low / CVSS Base Score : 3