CVE-2008-3660

Description

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Software From Fixed in
php / php 4.4.0 4.4.0.x
php / php 4.4.1 4.4.1.x
php / php 4.4.2 4.4.2.x
php / php 4.4.3 4.4.3.x
php / php 4.4.4 4.4.4.x
php / php 4.4.5 4.4.5.x
php / php 4.4.6 4.4.6.x
php / php 4.4.7 4.4.7.x
php / php 4.4.8 4.4.8.x
php / php 5.2.0 5.2.0.x
php / php 5.2.1 5.2.1.x
php / php 5.2.2 5.2.2.x
php / php 5.2.3 5.2.3.x
php / php 5.2.4 5.2.4.x
php / php 5.2.5 5.2.5.x
php / php 5.2.6 5.2.6.x