CVE-2002-0717

PHP 4.2.0-4.2.1 - Denial of Service and Possible Remote Code Execution via Multipart Form Data Handling

Title source: llm
STIX 2.1

Description

PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.

References (5)

Core 5
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-21.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/929115
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9635.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102734515923277&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102734516023281&w=2

Scores

EPSS 0.0426
EPSS Percentile 88.9%

Details

Status published
Products (2)
php/php 4.2.0
php/php 4.2.1
Published Jul 26, 2002
Tracked Since Feb 18, 2026