Bugtraq mailing list archives
Re: PHP Resource Exhaustion Denial of Service
From: vjt <vejeta () azzurra org>
Date: Tue, 23 Jul 2002 22:22:22 +0200
On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote:
The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on configuration) that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases.
[cut]
Exploit: http://www.murphy.101main.net/php-apache.c
this does not apply when the php interpreter is dynamically loaded by apache using the DSO interface (or whatever dynamic loading interface of whatever web server). and afaik this is a more common approach when dealing with unix web servers. best regards, vjt -- pub 1024D/5201DC33 2002-01-24 vjt <vjt () users sf net> Key fingerprint = C80A DC06 E81C 4613 236B 833F C2C6 009F 5201 DC33 http://bahamut-inet6.sourceforge.net/vjt.asc
Attachment:
_bin
Description:
Current thread:
- PHP Resource Exhaustion Denial of Service Matthew Murphy (Jul 22)
- RE: PHP Resource Exhaustion Denial of Service Russ Garrett (Jul 22)
- Re: PHP Resource Exhaustion Denial of Service vjt (Jul 23)