Denial of service vulnerability in PHP - CVE-2015-9253ID: oval:org.secpod.oval:def:76786 | Date: (C)2021-12-31 (M)2024-05-22 |
Class: VULNERABILITY | Family: windows |
An issue was discovered in PHP 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |