Vulnerability Details : CVE-2023-0662
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
Vulnerability category: Denial of service
Products affected by CVE-2023-0662
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Threat overview for CVE-2023-0662
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2023-0662: 95,483
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2023-0662
- Probability of exploitation activity in the next 30 days: 0.06%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~30%
CVSS scores for CVE-2023-0662
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | PHP Group | |
CWE ids for CVE-2023-0662
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@php.net (Secondary)
References for CVE-2023-0662
- https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
  DoS vulnerability when parsing multipart request body · Advisory · php/php-src · GitHub (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20230517-0001/
  February 2023 PHP Vulnerabilities in NetApp Products | NetApp Product Security