PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability



PHP is prone to a remote denial-of-service vulnerability.

Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition.

Information

Bugtraq ID: 74903
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2015-4024

Remote: Yes
Local: No
Published: May 14 2015 12:00AM
Updated: Jul 21 2017 01:07PM
Credit: Shusheng Liu
Vulnerable: Ubuntu Ubuntu Linux 15.04
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux -current
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 7
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 5.5.21
PHP PHP 5.5.14
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.6
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 5.4.37
PHP PHP 5.4.30
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.4.29
PHP PHP 5.4.26
PHP PHP 5.4.25
PHP PHP 5.4.17
PHP PHP 5.4.14
PHP PHP 5.4.8
PHP PHP 5.4.7
PHP PHP 5.4.6
PHP PHP 5.4.4
PHP PHP 5.4.3
PHP PHP 5.4.2
PHP PHP 5.4.1
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.3
PHP PHP 5.6.2
PHP PHP 5.6
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.24
PHP PHP 5.5.23
PHP PHP 5.5.22
PHP PHP 5.5.20
PHP PHP 5.5.2
PHP PHP 5.5.19
PHP PHP 5.5.18
PHP PHP 5.5.17
PHP PHP 5.5.16
PHP PHP 5.5.15
PHP PHP 5.4.9
PHP PHP 5.4.5
PHP PHP 5.4.40
PHP PHP 5.4.39
PHP PHP 5.4.38
PHP PHP 5.4.36
PHP PHP 5.4.35
PHP PHP 5.4.34
PHP PHP 5.4.33
PHP PHP 5.4.32
PHP PHP 5.4.31
PHP PHP 5.4.28
PHP PHP 5.4.27
PHP PHP 5.4.24
PHP PHP 5.4.23
PHP PHP 5.4.22
PHP PHP 5.4.21
PHP PHP 5.4.20
PHP PHP 5.4.19
PHP PHP 5.4.18
PHP PHP 5.4.16
PHP PHP 5.4.15
PHP PHP 5.4.13
PHP PHP 5.4.12
PHP PHP 5.4.11
PHP PHP 5.4.10
Oracle Solaris 11.3
Oracle Solaris 11.2
Oracle Linux 7
Oracle Linux 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
IBM Tealeaf Customer Experience 9.0.2
IBM Tealeaf Customer Experience 9.0.1
IBM Tealeaf Customer Experience 9.0
IBM Tealeaf Customer Experience 9.0.1A
IBM Tealeaf Customer Experience 9.0.0A
IBM Tealeaf Customer Experience 8.8
IBM Tealeaf Customer Experience 8.7
IBM Tealeaf Customer Experience 8.6
IBM Tealeaf Customer Experience 8.0
IBM Flex System Chassis Management Module 2PET
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
Apple Mac OS X 10.9.5
Apple Mac OS X 10.10.4
Apple Mac OS X 10.10.3
Apple Mac OS X 10.10.2
Apple Mac OS X 10.10.1
Apple Mac OS X 10.10
AlienVault AlienVault 5.0.4
AlienVault AlienVault 5.1
AlienVault AlienVault 5.0
AlienVault AlienVault 4.15.2
AlienVault AlienVault 4.15.1
AlienVault AlienVault 4.15
AlienVault AlienVault 4.14
AlienVault AlienVault 4.13
AlienVault AlienVault 4.12.1
AlienVault AlienVault 4.12


Not Vulnerable: PHP PHP 5.6.9
PHP PHP 5.5.25
PHP PHP 5.4.41
IBM Flex System Chassis Management Module 2PET14c-2.5.5c
Apple Mac OS X 10.10.5
AlienVault AlienVault 5.2


Exploit


Attackers can use standard, readily available tools to exploit this issue.

