PHP Multiple Image Processing Functions File Handling DoS
Medium Nessus Plugin ID 17687
SynopsisThe remote web server is prone to denial of service attacks.
DescriptionAccording to its banner, the version of PHP installed on the remote host is vulnerable to a denial of service attack due to its failure to properly validate file data in the routines 'php_handle_iff' and 'php_handle_jpeg', which are called by the PHP function 'getimagesize'. Using a specially crafted image file, an attacker can trigger an infinite loop when 'getimagesize' is called, perhaps even remotely in the cases where image uploads are allowed.
SolutionUpgrade to PHP 4.3.11 / 5.0.4 or later.