Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:PHP:FILEINFO-DOS
Severity	Major
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	PHP Fileinfo Call Stack Exhaustion Denial of Service
Release Date	2014/03/19
Update Number	2355
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: PHP Fileinfo Call Stack Exhaustion Denial of Service

This signature detects attempts to exploit a known vulnerability against PHP Fileinfo. A successful attack can result in a denial-of-service condition.

Extended Description

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Affected Products

Fine_free_file_project fine_free_file 5.0
Fine_free_file_project fine_free_file 5.1
Fine_free_file_project fine_free_file 5.10
Fine_free_file_project fine_free_file 5.11
Fine_free_file_project fine_free_file 5.12
Fine_free_file_project fine_free_file 5.13
Fine_free_file_project fine_free_file 5.14
Fine_free_file_project fine_free_file 5.15
Fine_free_file_project fine_free_file 5.16
Fine_free_file_project fine_free_file 5.2
Fine_free_file_project fine_free_file 5.3
Fine_free_file_project fine_free_file 5.4
Fine_free_file_project fine_free_file 5.7
Fine_free_file_project fine_free_file 5.8
Fine_free_file_project fine_free_file 5.9

References

CVE: CVE-2014-1943

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: PHP Fileinfo Call Stack Exhaustion Denial of Service

Extended Description

Affected Products

References