#VU32831 Input validation error in PHP


Published: 2020-07-29

Vulnerability identifier: #VU32831

Vulnerability risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C]

CVE-ID: CVE-2011-4885

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.3.0 - 5.3.8

External links
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://secunia.com/advisories/47404
http://secunia.com/advisories/48668
http://support.apple.com/kb/HT5281
http://svn.php.net/viewvc?view=revision&revision=321003
http://svn.php.net/viewvc?view=revision&revision=321040
http://www.debian.org/security/2012/dsa-2399
http://www.exploit-db.com/exploits/18296
http://www.exploit-db.com/exploits/18305
http://www.kb.cert.org/vuls/id/903934
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.redhat.com/support/errata/RHSA-2012-0019.html
http://www.securityfocus.com/bid/51193
http://www.securitytracker.com/id?1026473
http://exchange.xforce.ibmcloud.com/vulnerabilities/72021
http://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Gentoo update for PHP
Amazon Linux AMI update for php
Amazon Linux AMI update for php
Input validation error in php (Alpine package)
Input validation error in PHP