PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.15974
Percentile: 0.94461

CVSS Scoring

Mapped CWE(s)

• CWE-20 : Improper Input Validation

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1562.003 : Impair Command History Logging
  Kill Chain: defense-evasion
• T1574.006 : Dynamic Linker Hijacking
  Kill Chain: persistence
• T1574.007 : Path Interception by PATH Environment Variable
  Kill Chain: persistence
• T1027 : Obfuscated Files or Information
  Kill Chain: defense-evasion
• T1539 : Steal Web Session Cookie
  Kill Chain: credential-access
• T1036.001 : Invalid Code Signature
  Kill Chain: defense-evasion
• T1553.002 : Code Signing
  Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

← Back to Home