This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PHP:FILEINFO-DOS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
PHP Fileinfo Call Stack Exhaustion Denial of Service
|
Release Date |
2014/03/19
|
Update Number |
2355
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: PHP Fileinfo Call Stack Exhaustion Denial of Service
This signature detects attempts to exploit a known vulnerability against PHP Fileinfo. A successful attack can result in a denial-of-service condition.
Extended Description
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
Affected Products
- Fine_free_file_project fine_free_file 5.0
- Fine_free_file_project fine_free_file 5.1
- Fine_free_file_project fine_free_file 5.10
- Fine_free_file_project fine_free_file 5.11
- Fine_free_file_project fine_free_file 5.12
- Fine_free_file_project fine_free_file 5.13
- Fine_free_file_project fine_free_file 5.14
- Fine_free_file_project fine_free_file 5.15
- Fine_free_file_project fine_free_file 5.16
- Fine_free_file_project fine_free_file 5.2
- Fine_free_file_project fine_free_file 5.3
- Fine_free_file_project fine_free_file 5.4
- Fine_free_file_project fine_free_file 5.7
- Fine_free_file_project fine_free_file 5.8
- Fine_free_file_project fine_free_file 5.9
References