Innovate faster and cut risk with PHP experts from Zend Services.
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
DOS vulnerability when parsing multipart request body
When parsing a multipart request body, depending on the number of parts and total size of the request body, PHP may fill all memory and/or available disk space, leading to a DoS vector. This vulnerability affects the mod_php and php-fpm SAPIs across all PHP versions.
We strongly recommend upgrading to a known patched version of PHP immediately.
If you cannot, you can mitigate this attack in a couple of ways:
Additionally, both Apache HTTPD and nginx have configuration settings for rejecting requests that are larger than a configured size (for Apache HTTPD, this is the SecRequestBodyLimit setting via mod_security; for nginx, create a condition based on the $request_length variable).
Direct link to CVE-2023-0662 >
< View all CVEs