← Back

CVE-2009-4017

nvd nist
Published: Nov 24, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Affected (14)

Php
1 product
Php
Apple
1 product
Mac Os X
Debian
1 product
Debian Linux
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Php
Php
Before 5.2.12
Php
Version 5.3.0
Php
Version 5.3.0 alpha1
Php
Version 5.3.0 alpha2
Php
Version 5.3.0 alpha3
Php
Version 5.3.0 beta1
Php
Version 5.3.0 rc1
Php
Version 5.3.0 rc2
Php
Version 5.3.0 rc3
Php
Version 5.3.0 rc4
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Version 10.6.3
Debian
Debian Linux
Version 4.0
Debian Linux
Version 5.0
Debian Linux
Version 6.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (50)

Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListRelease Notes
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Mailing ListPatch
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Release Notes
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListRelease Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.