Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:php:php:5.2.5:rc1
There is 1 matching record.
Vuln ID Summary CVSS Severity

** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."

Published: May 31, 2013; 5:55:01 PM -0400
V3.x: (not available)
V2.0: 5.0 MEDIUM