HTTP: Apache Multipart Form-Data Denial of Service

This signature detects attempts to exploit a known vulnerability against the Apache daemon with PHP support. Apache 1.3.x with php_4.0.6 is vulnerable. Attackers can send a multipart/form-data POST request to crash the Apache daemon process.

Extended Description

A vulnerability has been reported for PHP versions 4.2.0 and 4.2.1. It is possible for a remote attacker to cause the PHP interpreter to crash the web server on a vulnerable system and execute malicious, attacker supplied code. The vulnerability is the result of the PHP interpreter incorrectly parsing MIME headers when HTTP POST commands are received. When PHP receives a malformed POST request, it generates an error condition that is improperly handled. As a result, the attacker may cause the web server to crash and possibly execute supplied code.

Affected Products

Php php

References

BugTraq: 5278

CVE: CVE-2002-0717

URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1463.html http://www.kb.cert.org/vuls/id/929115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0717

Short Name

HTTP:APACHE:PHP-DOS

Severity

Minor

Recommended

False

Recommended Action

None

HTTP: Apache Multipart Form-Data Denial of Service

Extended Description

Affected Products

References

Found a potential security threat?