PHP is prone to a remote denial-of-service vulnerability.
Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition.
Information
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux -current
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 7
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 7
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 7
PHP PHP 5.6.5
PHP PHP 5.6.4
PHP PHP 5.6.1
PHP PHP 5.5.21
PHP PHP 5.5.14
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.6
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 5.4.37
PHP PHP 5.4.30
PHP PHP 5.4.29
PHP PHP 5.4.26
PHP PHP 5.4.25
PHP PHP 5.4.17
PHP PHP 5.4.14
PHP PHP 5.4.8
PHP PHP 5.4.7
PHP PHP 5.4.6
PHP PHP 5.4.4
PHP PHP 5.4.3
PHP PHP 5.4.2
PHP PHP 5.4.1
PHP PHP 5.6.8
PHP PHP 5.6.7
PHP PHP 5.6.6
PHP PHP 5.6.3
PHP PHP 5.6.2
PHP PHP 5.6
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.24
PHP PHP 5.5.23
PHP PHP 5.5.22
PHP PHP 5.5.20
PHP PHP 5.5.2
PHP PHP 5.5.19
PHP PHP 5.5.18
PHP PHP 5.5.17
PHP PHP 5.5.16
PHP PHP 5.5.15
PHP PHP 5.4.9
PHP PHP 5.4.5
PHP PHP 5.4.40
PHP PHP 5.4.39
PHP PHP 5.4.38
PHP PHP 5.4.36
PHP PHP 5.4.35
PHP PHP 5.4.34
PHP PHP 5.4.33
PHP PHP 5.4.32
PHP PHP 5.4.31
PHP PHP 5.4.28
PHP PHP 5.4.27
PHP PHP 5.4.24
PHP PHP 5.4.23
PHP PHP 5.4.22
PHP PHP 5.4.21
PHP PHP 5.4.20
PHP PHP 5.4.19
PHP PHP 5.4.18
PHP PHP 5.4.16
PHP PHP 5.4.15
PHP PHP 5.4.13
PHP PHP 5.4.12
PHP PHP 5.4.11
PHP PHP 5.4.10
Oracle Solaris 11.3
Oracle Solaris 11.2
Oracle Linux 7
Oracle Linux 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
IBM Tealeaf Customer Experience 9.0.2
IBM Tealeaf Customer Experience 9.0.1
IBM Tealeaf Customer Experience 9.0
IBM Tealeaf Customer Experience 9.0.1A
IBM Tealeaf Customer Experience 9.0.0A
IBM Tealeaf Customer Experience 8.8
IBM Tealeaf Customer Experience 8.7
IBM Tealeaf Customer Experience 8.6
IBM Tealeaf Customer Experience 8.0
IBM Flex System Chassis Management Module 2PET
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
Apple Mac OS X 10.9.5
Apple Mac OS X 10.10.4
Apple Mac OS X 10.10.3
Apple Mac OS X 10.10.2
Apple Mac OS X 10.10.1
Apple Mac OS X 10.10
AlienVault AlienVault 5.0.4
AlienVault AlienVault 5.1
AlienVault AlienVault 5.0
AlienVault AlienVault 4.15.2
AlienVault AlienVault 4.15.1
AlienVault AlienVault 4.15
AlienVault AlienVault 4.14
AlienVault AlienVault 4.13
AlienVault AlienVault 4.12.1
AlienVault AlienVault 4.12
PHP PHP 5.5.25
PHP PHP 5.4.41
IBM Flex System Chassis Management Module 2PET14c-2.5.5c
Apple Mac OS X 10.10.5
AlienVault AlienVault 5.2
Exploit
Attackers can use standard, readily available tools to exploit this issue.
References:
- #69364: PHP Multipart/form-data remote dos Vulnerability (PHP)
- PHP 5 ChangeLog (PHP)
- PHP Homepage (PHP)
- APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 (Apple)
- Fixed bug #69364 - use smart_str to assemble strings (PHP)
- Oracle Linux Bulletin - January 2016 (Oracle)
- Oracle Solaris Third Party Bulletin - July 2015 (Oracle)
- Oracle Solaris Third Party Bulletin - July 2017 (Oracle)
- Security Advisory - AlienVault v5.2 addresses 55 vulnerabilities (AlienVault)
- Security Advisory Important: php security and bug fix update (Red Hat)
- Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Manag (IBM)
- swg21972384 : IBM Tealeaf Customer Experience PCA Web UI PHP security issues (IBM)