CVE-2013-3735 in PHPinformação

Sumário (Inglês)

** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor s http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id."

Reservar

31/05/2013

Divulgação

31/05/2013

Inscrições

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidade	CWE	Exp	Con	CVE
8936	PHP Zend Server Elevação de Privilégios	20	Não definido	Correção oficial	CVE-2013-3735

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!