[ic] Multipart Form Data Denial of Service

Stefan Hornburg (Racke) racke at linuxia.de
Thu Nov 26 08:04:08 UTC 2009

Hello Interchange enthusiasts,

This morning I upgraded PHP5 packages on Debian machines. While reading the security
advisory I wondered whether Interchange or other web applications are affected
by this DOS type:

Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files using multipart/form-data requests,
causing the creation of a large number of temporary files.

To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request.

More information:


LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
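
The per-request limit described in the advisory above, sketched as an added example (not code from Interchange, PHP or the original post): a pre-check that counts file parts in a multipart/form-data body and rejects the request before a temporary file is created for the part over the cap. The function names, the cap of 20 and the sample request are assumptions constructed for illustration; folded header lines are not handled.

```python
import re

MAX_FILE_UPLOADS = 20  # assumed cap for this sketch

class TooManyFiles(Exception):
    """The request carries more file parts than the cap allows."""

def boundary_of(content_type):
    """Extract the boundary parameter from a multipart/form-data Content-Type."""
    m = re.search(r'boundary="?([^";]+)"?', content_type, re.I)
    if not content_type.lower().startswith("multipart/form-data") or not m:
        raise ValueError("not a multipart/form-data request")
    return m.group(1).encode("ascii")

def count_file_parts(content_type, body, limit=MAX_FILE_UPLOADS):
    """Count parts whose Content-Disposition has a filename parameter.

    Raises TooManyFiles at the first part over the limit, i.e. before a
    temporary file would have to be created for it.
    """
    delim = b"\r\n--" + boundary_of(content_type)
    files = 0
    # Prepend CRLF so the first delimiter matches like the others.
    for chunk in (b"\r\n" + body).split(delim)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: stop
            break
        headers = chunk.partition(b"\r\n\r\n")[0]
        for line in headers.split(b"\r\n"):
            name, _, value = line.partition(b":")
            if (name.strip().lower() == b"content-disposition"
                    and re.search(rb";\s*filename\*?\s*=", value, re.I)):
                files += 1
                if files > limit:
                    raise TooManyFiles(f"more than {limit} file parts")
    return files

def build_request(n_files, boundary="XbOuNdArYx"):
    """Constructed sample request: one text field plus n_files tiny file parts."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="comment"'
             '\r\n\r\nhello\r\n']
    for i in range(n_files):
        parts.append(f'--{boundary}\r\nContent-Disposition: form-data; '
                     f'name="f{i}"; filename="f{i}.txt"\r\n'
                     'Content-Type: text/plain\r\n\r\nx\r\n')
    parts.append(f"--{boundary}--\r\n")
    return f"multipart/form-data; boundary={boundary}", "".join(parts).encode()

if __name__ == "__main__":
    print(count_file_parts(*build_request(3)))
```

This sketch counts every part that has a filename parameter, including ones with an empty filename, and ordinary form fields do not count toward the cap.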
