Arieh
Verified User
https://www.kb.cert.org/vuls/id/903934
PHP specific: https://www.kb.cert.org/vuls/id/DWAN-8PYMFT
There's a fix in PHP 5.4.0 RC4, but it's not a stable release.
I've tested this bug and it works. 1 request will load 1 core to 100% for 60 seconds (or the value set by max_input_time @ php.ini).
One attempt to fix it would be lowering the max_input_time value; I've tried setting it from 60 to 5. It helps a bit but is far from a decent fix.
Without any fix:
Result of ~30 fishy requests (8 should do the trick too in this case):
http://i.imgur.com/sO70J.png
But I've re-enabled suhosin and set suhosin.request.max_vars = 100 and it looks like it's a solution. I sent some requests and I saw a few spikes, but that would be about the same with many normal requests.
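Why a cap such as the suhosin.request.max_vars = 100 setting in the post above bounds the CPU cost, as an added example (not part of the original post, and not PHP's or Suhosin's code): a toy chained hash table counts key comparisons when every key lands in one bucket, the worst case behind VU#903934. The names ChainedTable, parse_cost, worst_case_hash and spread_hash are hypothetical, and dropping variables beyond the cap is a modelling assumption.

```python
# Added illustration: a cost model only, not PHP's or Suhosin's implementation.

class ChainedTable:
    """Minimal chained hash table that counts key comparisons on insert."""

    def __init__(self, hash_fn, buckets=1024):
        self.buckets = [[] for _ in range(buckets)]
        self.hash_fn = hash_fn
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # one comparison per chain entry walked
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))


def worst_case_hash(_key):
    # Models the worst case: every key falls into the same bucket.
    return 0


def spread_hash(key):
    # Stand-in for a well-distributed hash: the constructed keys are "k<i>",
    # so the index itself spreads them evenly over the buckets.
    return int(key[1:])


def parse_cost(num_vars, max_vars=None, hash_fn=worst_case_hash):
    """Return (vars_stored, comparisons) for a request with num_vars parameters.

    max_vars models a per-request variable cap (assumption: variables beyond
    the cap are dropped before they reach the hash table).
    """
    table = ChainedTable(hash_fn)
    stored = 0
    for i in range(num_vars):              # constructed parameter names k0, k1, ...
        if max_vars is not None and stored >= max_vars:
            break
        table.insert("k%d" % i, "")
        stored += 1
    return stored, table.comparisons


if __name__ == "__main__":
    print("well distributed, 2000 vars:", parse_cost(2000, hash_fn=spread_hash))
    print("single bucket,    2000 vars:", parse_cost(2000))
    print("single bucket, capped at 100:", parse_cost(2000, max_vars=100))
```

With all keys in one chain the work grows as n(n-1)/2, so the cap limits the worst case per request to a fixed, small number of comparisons regardless of how many parameters are sent.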