CVE-2008-3660 in PHPinfo

Summary

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Once again VulDB remains the best source for vulnerability data.

Responsible

Reservation

08/12/2008

Disclosure

08/14/2008

Moderation

VulDB entry created

Entries

VDB-43710

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.3

EPSS

0.15974

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-3660
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3660
CVE Details	https://www.cvedetails.com/cve/CVE-2008-3660/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!