| Short Name | HTTP:PHP:PHP-EXCEPTN-HAND-DOS |
|---|---|
| Severity | Major |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | PHP exception toString Denial of Service |
| Release Date | 2017/02/02 |
| Update Number | 2826 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A denial of service vulnerability has been reported in PHP. The vulnerability is due to improper handling, in the __toString method, of exception objects that refer to themselves as the previous exception. A remote attacker could exploit this vulnerability by sending maliciously crafted data to the unserialize function and invoking the __toString method on the unserialized object. Successful exploitation of this vulnerability could lead to denial of service.
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')