CVE-2013-3735 Vulnerability Details

  /     /     /  

CVE-2013-3735 Metadata Quick Info

CVE Published: 31/05/2013 | CVE Updated: 16/09/2024 | CVE Year: 2013
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2013-3735 Description

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor\'s http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).