Public Date:
459572: CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension

The MITRE CVE dictionary describes this issue as:

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Find out more about CVE-2008-3660 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (php) RHSA-2009:0338 2009-04-06
Red Hat Enterprise Linux 3 (php) RHSA-2009:0337 2009-04-06
Red Hat Application Stack v2 for Enterprise Linux (v.5) (php) RHSA-2009:0350 2009-04-14
Red Hat Enterprise Linux 4 (php) RHSA-2009:0337 2009-04-06

Last Modified

CVE description copyright © 2017, The MITRE Corporation


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.