Vulnerability in php < 5.3.9 may allow remote denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885
Solutions:
- Upgrade to 5.3.9
or
- Patch available in revision 321003 of 5.3 branch (Added max_input_vars directive to prevent attacks based on hash collision)
(from redmine: issue id 919, created on 2012-01-06, closed on 2012-01-17)
- Changesets:
- Revision 651558b4 by Natanael Copa on 2012-01-10T15:56:44Z:
main/php: security fix (CVE-2011-4885)
fixes #919
(cherry picked from commit 048cf16b51fd845e1c8aeb09437cec687e83228f)