CVE-2008-3660

Impact:
Low
Public Date:
2008-08-06
Bugzilla:
459572: CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension

The MITRE CVE dictionary describes this issue as:

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Find out more about CVE-2008-3660 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Application Stack v2 for Enterprise Linux (v.5) (php) RHSA-2009:0350 2009-04-14
Red Hat Enterprise Linux version 4 (php) RHSA-2009:0337 2009-04-06
Red Hat Enterprise Linux version 3 (php) RHSA-2009:0337 2009-04-06
Red Hat Enterprise Linux version 5 (php) RHSA-2009:0338 2009-04-06