Back to bug 2170761
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-02-17 08:12:23 UTC | CC | hhorak | |
| Sandipan Roy | 2023-02-17 08:13:36 UTC | Blocks | 2170009 | |
| Sandipan Roy | 2023-02-17 08:41:06 UTC | Depends On | 2170777, 2170778 | |
| Sandipan Roy | 2023-03-02 06:46:54 UTC | Depends On | 2174687, 2174685, 2174689, 2174688, 2174686 | |
| Sandipan Roy | 2023-03-02 07:06:02 UTC | Doc Text | A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large volume of warning messages can wear down the disk and fill it up. Complete DoS is achievable by sending many concurrent multipart requests in a loop. PHP parses the request body before invoking any application scripts. This vulnerability affects all PHP websites that accept POST request bodies (post_max_size set to a value greater than zero, the default value is 8MB). |
|
| RaTasha Tillery-Smith | 2023-03-02 12:55:12 UTC | Doc Text | A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large volume of warning messages can wear down the disk and fill it up. Complete DoS is achievable by sending many concurrent multipart requests in a loop. PHP parses the request body before invoking any application scripts. This vulnerability affects all PHP websites that accept POST request bodies (post_max_size set to a value greater than zero, the default value is 8MB). | A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow the processing of legitimate user requests. The large volume of warning messages can wear down the disk and fill it up. A complete denial of service is achievable by sending many concurrent multipart requests in a loop. PHP parses the request body before invoking any application scripts. This vulnerability affects all PHP websites that accept POST request bodies (post_max_size set to a value greater than zero, the default value is 8MB). |
| Kazu Yoshida | 2023-04-20 03:19:55 UTC | CC | jcadmus | |
| CC | kyoshida | |||
| Red Hat Bugzilla | 2023-07-07 08:31:12 UTC | Assignee | security-response-team | nobody |
Back to bug 2170761