Signature Detail

HTTP: Apache Multipart Form-Data Denial of Service

This signature detects attempts to exploit a known vulnerability against the Apache daemon with PHP support. Apache 1.3.x with php_4.0.6 is vulnerable. Attackers can send a multipart/form-data POST request to crash the Apache daemon process.

Extended Description

A vulnerability has been reported for PHP versions 4.2.0 and 4.2.1. It is possible for a remote attacker to cause the PHP interpreter to crash the web server on a vulnerable system and execute malicious, attacker supplied code. The vulnerability is the result of the PHP interpreter incorrectly parsing MIME headers when HTTP POST commands are received. When PHP receives a malformed POST request, it generates an error condition that is improperly handled. As a result, the attacker may cause the web server to crash and possibly execute supplied code.

Affected Products

• PHP 4.2.0 .0
• PHP 4.2.1

References

• BugTraq: 5278
• CVE: CVE-2002-0717
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1463.html
• URL: http://www.kb.cert.org/vuls/id/929115
• URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0717