Vulnerability Note VU#929115
PHP fails to properly parse the headers of HTTP POST requests
A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server.
PHP is a popular scripting language in widespread use. For more information about PHP, see http://www.php.net/manual/en/faq.general.php.
The vulnerability occurs in the portion of PHP code responsible for handling file uploads, specifically multipart/form-data. By sending a specially crafted POST request to the web server, an attacker can corrupt the internal data structures used by PHP. Specifically, an intruder can cause an improperly initialized memory structure to be freed. In most cases, an intruder can use this flaw to crash PHP or the web server. Under some circumstances, an intruder may be able to take advantage of this flaw to execute arbitrary code with the privileges of the web server.
A remote attacker can execute arbitrary code on a vulnerable system. An attacker may not be able to execute code on x86 architectures due to the way the stack is structured. However, an attacker can leverage this vulnerability to crash PHP and/or the web server running on an x86 architecture.
Apply a patch from your vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian||Affected||22 Jul 2002||22 Jul 2002|
|FreeBSD||Affected||22 Jul 2002||22 Jul 2002|
|MandrakeSoft||Affected||22 Jul 2002||22 Jul 2002|
|PHP Development Team||Affected||-||22 Jul 2002|
|Apple Computer Inc.||Not Affected||22 Jul 2002||22 Jul 2002|
|Conectiva||Not Affected||-||23 Jul 2002|
|Cray Inc.||Not Affected||22 Jul 2002||22 Jul 2002|
|F5 Networks||Not Affected||22 Jul 2002||23 Jul 2002|
|Guardian Digital Inc.||Not Affected||-||22 Jul 2002|
|Hewlett-Packard Company||Not Affected||22 Jul 2002||25 Jul 2002|
|IBM||Not Affected||22 Jul 2002||22 Jul 2002|
|Microsoft Corporation||Not Affected||22 Jul 2002||22 Jul 2002|
|Network Appliance||Not Affected||22 Jul 2002||22 Jul 2002|
|Red Hat Inc.||Not Affected||22 Jul 2002||22 Jul 2002|
|SuSE Inc.||Not Affected||22 Jul 2002||22 Jul 2002|
CVSS Metrics (Learn More)
Thanks to e-matters Security for reporting this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2002-0717
- CERT Advisory: CA-2002-21
- Date Public: 22 Jul 2002
- Date First Published: 22 Jul 2002
- Date Last Updated: 30 May 2003
- Severity Metric: 42.53
- Document Revision: 35
If you have feedback, comments, or additional information about this vulnerability, please send us email.