Juniper Networks

Signature Detail


  • Short Name: HTTP:APACHE:PHP-INVALID-HDR
  • Severity: Medium
  • Recommended: No
  • Category: HTTP
  • Keywords: apache php headers dos
  • Release Date: 2003/04/22
  • Update Number: 1213
  • Supported Platforms: di-5.3+

HTTP: Apache PHP Module Invalid Headers Denial of Service


This signature detects attempts to exploit a known vulnerability against the Apache HTTP daemon. PHP versions 4.2.0 and 4.2.1 running on Apache 1.3.26 are vulnerable. Attackers can use invalid headers in an HTTP request to crash the Apache HTTP daemon; the daemon might require a manual restart.

Extended Description

PHP is a widely deployed scripting language, designed for web-based development and CGI programming. PHP does not perform proper bounds checking in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions that are used to decode MIME-encoded files. As a result, it may be possible to overrun the buffer used by the vulnerable functions and cause arbitrary attacker-supplied instructions to be executed. PHP is invoked remotely through web servers, so it may be possible for remote attackers to exploit this vulnerability to gain access to target systems. A vulnerable PHP interpreter module is available for Apache servers and is often enabled by default.

Affected Products

  • Kasenna MediaBase 4.0.1
  • PHP 3.0.0 0
  • PHP 3.0.0 .10
  • PHP 3.0.0 .11
  • PHP 3.0.0 .12
  • PHP 3.0.0 .13
  • PHP 3.0.0 .16
  • PHP 3.0.1
  • PHP 3.0.10
  • PHP 3.0.11
  • PHP 3.0.12
  • PHP 3.0.13
  • PHP 3.0.14
  • PHP 3.0.15
  • PHP 3.0.16
  • PHP 3.0.17
  • PHP 3.0.18
  • PHP 3.0.2
  • PHP 3.0.3
  • PHP 3.0.4
  • PHP 3.0.5
  • PHP 3.0.6
  • PHP 3.0.7
  • PHP 3.0.8
  • PHP 3.0.9
  • PHP 4.0.0 0
  • PHP 4.0.1
  • PHP 4.0.1 Pl1
  • PHP 4.0.1 Pl2
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.3 Pl1
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.0.7 RC1
  • PHP 4.0.7 RC2
  • PHP 4.0.7 RC3
  • PHP 4.1.0 .0
  • PHP 4.1.1

References

  • BugTraq: 4183
  • CVE: CVE-2002-0081
  • URL: http://www.securiteam.com/securitynews/5XP0N0K7PY.html
  • URL: http://www.securiteam.com/exploits/5TP01156KS.html

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.