Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
PHP "multipart/form-data" denial of service
Nov 20 2009 12:01PM
Bogdan Calin (bogdan acunetix com)
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).
When you send a POST request to a PHP script with...
[ more ]
Copyright 2010, SecurityFocus