Published: 31/12/2002 Updated: 05/09/2008

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

php.exe in PHP 3.0 up to and including 4.2.2, when running on Apache, does not terminate properly, which allows remote malicious users to cause a denial of service via a direct request without arguments.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 3.0.1
php php 3.0.11
php php 3.0.16
php php 3.0.18
php php 3.0.8
php php 4.0
php php 4.0.4
php php 4.0.6
php php 4.1.0
php php 4.1.2
php php 4.2.1
php php 3.0.12
php php 3.0.13
php php 3.0.14
php php 3.0.15
php php 4.0.1
php php 4.0.2
php php 4.0.3
php php 4.2.2
php php 3.0.3
php php 3.0.4
php php 3.0.5
php php 3.0.6
php php 3.0.7
php php 4.0.7
php php 3.0.10
php php 3.0.17
php php 3.0.2
php php 3.0.9
php php 4.0.5
php php 4.1.1
php php 4.2.0

source: wwwsecurityfocuscom/bid/5280/info It is possible, under some circumstances, for remote attackers to invoke the PHP interpreter from the web If the interpreter is invoked with no command line options, it will hang Attackers may exploit this condition to cause a denial of service This is reported to be a problem with PHP and Apa ...

CWE-399 http://online.securityfocus.com/archive/1/283586 http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000605.html http://www.securityfocus.com/bid/5280 http://www.iss.net/security_center/static/9646.php https://nvd.nist.gov https://www.exploit-db.com/exploits/21632/

CVE-2002-2309

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect