HTTP: PHP CDF File Handling Infinite Loop DOS

This signature detects attempts to exploit a known vulnerability in PHP. A successful attack can result in an infinite loop, causing a denial-of-service condition.

Extended Description

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

Affected Products

Debian debian_linux

References

BugTraq: 67651

CVE: CVE-2014-0238

Short Name
HTTP:PHP:CDF-INFINITE-LOOP-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CDF CVE-2014-0238 DOS File Handling Infinite Loop PHP bid:67651
Release Date
08/11/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Php

Debian

CVSS Score

5.0
