CVE-2009-4017

PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

PHP v5.2.11, y v5.3.x antes de v5.3.1, no restringen el número de archivos temporales creados al manipular una solicitud POST multipart/form-data, lo que permite a atacantes remotos causar una denegación de servicio (por agotamiento de recursos), y facilita a los atacantes remotos aprovecharse de las vulnerabilidades de inclusión de archivos locales, a través de múltiples peticiones, en relación a la falta de apoyo a la directiva max_file_uploads.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-11-20 CVE Reserved
2009-11-24 CVE Published
2009-11-27 First Exploit
2024-02-16 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (28)

URL	Tag	Source
http://news.php.net/php.announce/79	Mailing List
http://seclists.org/fulldisclosure/2009/Nov/228	Mailing List
http://secunia.com/advisories/37482	Broken Link
http://secunia.com/advisories/37821	Broken Link
http://secunia.com/advisories/40262	Broken Link
http://secunia.com/advisories/41480	Broken Link
http://secunia.com/advisories/41490	Broken Link
http://support.apple.com/kb/HT4077	Third Party Advisory
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service	Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/20/7	Mailing List
http://www.php.net/releases/5_2_12.php	Release Notes
http://www.securityfocus.com/archive/1/507982/100/0/threaded	Broken Link
http://www.vupen.com/english/advisories/2009/3593	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667	Broken Link

URL	Date	SRC
https://www.exploit-db.com/exploits/10242	2009-11-27

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2009/11/20/2	2024-02-15

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	2024-02-15
http://marc.info/?l=bugtraq&m=127680701405735&w=2	2024-02-15
http://www.debian.org/security/2009/dsa-1940	2024-02-15
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	2024-02-15
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303	2024-02-15
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305	2024-02-15
http://www.php.net/ChangeLog-5.php	2024-02-15
http://www.php.net/releases/5_3_1.php	2024-02-15
https://access.redhat.com/security/cve/CVE-2009-4017	2010-01-13
https://bugzilla.redhat.com/show_bug.cgi?id=540459	2010-01-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				< 5.2.12 Search vendor "Php" for product "Php" and version " < 5.2.12"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		alpha1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		alpha2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		alpha3		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		beta1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		rc1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		rc2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		rc3		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		rc4		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.6.3 Search vendor "Apple" for product "Mac Os X" and version "10.6.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected