CVE-2002-2309

PHP 3.0-4.2.2 - Denial of Service via Direct Request Without Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2309. PoCs published by Matthew Murphy.

AI-analyzed exploit summary: This exploit targets a denial-of-service vulnerability in PHP when invoked without command-line arguments on Apache servers, particularly on Windows platforms. It repeatedly sends HTTP requests to the PHP binary path, causing the server to hang and exhaust CGI resources.

Description

php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.

Exploits (1)

exploitdb · Working PoC · Verified
by Matthew Murphy · cdosunix
https://www.exploit-db.com/exploits/21632

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PHP on Apache (Windows platforms)
Authentication: No auth needed
Prerequisites: PHP configured on Apache with a virtual path to the PHP binary · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (4)

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/283586
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000605.html
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9646.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5280

Scores

EPSS 0.0406
EPSS Percentile 89.3%

Details

CWE: CWE-399
Status: published
Products (32)
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
php/php 3.0.7
php/php 3.0.8
php/php 3.0.9
php/php 3.0.10
... and 22 more
Published Dec 31, 2002
Tracked Since Feb 18, 2026