Candidate: CVE-2009-4418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4418
http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation/
The unserialize function in PHP 5.3.0 and earlier allows context-dependent
attackers to cause a denial of service (resource consumption) via a deeply
nested serialized variable, as demonstrated by a string beginning with a:1:
followed by many {a:1: sequences.
mdeslaur> as of 2010/01/04, not fixed yet
mdeslaur> can only be exploited by a malicious script, not a security
mdeslaur> issue. Marking as ignored.
upstream_php5: ignored
intrepid_php5: ignored