[ic] Multipart Form Data Denial of Service
Stefan Hornburg (Racke)
racke at linuxia.de
Thu Nov 26 08:04:08 UTC 2009
Hello Interchange enthusiasts,
This morning I upgraded PHP5 packages on Debian machines. While reading the security
advisory I wondered whether Interchange or other web applications are affected
by this DOS type:
Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files in using multipart/ form-data requests,
causing the creation of a large number of temporary files.
To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request.
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
More information about the interchange-users