oss-sec mailing list archives
Re: CVE Request - php (PHP BZ#27421)
From: Josh Bressers <bressers () redhat com>
Date: Wed, 25 Feb 2009 08:57:03 -0500 (EST)
----- "Steven M. Christey" <coley () linus mitre org> wrote:
On Fri, 30 Jan 2009, Jan Lieskovsky wrote:this PHP issue looks to desire a new CVE id. References: http://bugs.php.net/bug.php?id=27421 https://bugzilla.redhat.com/show_bug.cgi?id=479272What attack scenario exists for this issue? One virtual-host user can effectively DoS other virtual hosts running on the same Apache instance?
Sorry for the delay on responding to this.
Yes, if one web user sets mbstring.func_overload = 7 in a .htaccess, it will
effectively disable any other multibyte enabled sites on the same webserver.
--
JB
Current thread:
- CVE Request - php (PHP BZ#27421) Jan Lieskovsky (Jan 29)
- Re: CVE Request - php (PHP BZ#27421) Steven M. Christey (Feb 03)
- Re: CVE Request - php (PHP BZ#27421) Josh Bressers (Feb 25)
- Re: CVE Request - php (PHP BZ#27421) Steven M. Christey (Feb 03)