Vulnerability-Lookup

CVE-2012-1172 (GCVE-0-2012-1172)

Vulnerability from cvelistv5 – Published: 2012-05-24 00:00 – Updated: 2024-08-06 18:53

Summary

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=134012830914727&w=2	vendor-advisoryx_refsource_HP
	http://svn.php.net/viewvc/php/php-src/branches/PH…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://bugs.php.net/bug.php?id=54374	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugs.php.net/bug.php?id=49683	x_refsource_MISC
	https://nealpoole.com/blog/2011/10/directory-trav…	x_refsource_MISC
	http://svn.php.net/viewvc?view=revision&revision=321664	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2012/03/13/4	mailing-listx_refsource_MLIST
	https://bugs.php.net/bug.php?id=48597	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://isisblogs.poly.edu/2011/08/11/php-not-prop…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT5501	x_refsource_CONFIRM
	https://students.mimuw.edu.pl/~ai292615/php_multi…	x_refsource_MISC
	http://www.php.net/ChangeLog-5.php#5.4.0	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=134012830914727&w=2	vendor-advisoryx_refsource_HP
	http://www.debian.org/security/2012/dsa-2465	vendor-advisoryx_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://bugs.php.net/bug.php?id=55500	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:35.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT100856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
          },
          {
            "name": "FEDORA-2012-6869",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=54374"
          },
          {
            "name": "SUSE-SU-2012:0604",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=49683"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
          },
          {
            "name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=48597"
          },
          {
            "name": "SUSE-SU-2012:0598",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
          },
          {
            "name": "APPLE-SA-2012-09-19-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5501"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
          },
          {
            "name": "FEDORA-2012-6907",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
          },
          {
            "name": "HPSBUX02791",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
          },
          {
            "name": "DSA-2465",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2465"
          },
          {
            "name": "FEDORA-2012-6911",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=55500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT100856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
        },
        {
          "name": "FEDORA-2012-6869",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=54374"
        },
        {
          "name": "SUSE-SU-2012:0604",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=49683"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
        },
        {
          "name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=48597"
        },
        {
          "name": "SUSE-SU-2012:0598",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
        },
        {
          "name": "APPLE-SA-2012-09-19-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5501"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
        },
        {
          "name": "FEDORA-2012-6907",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
        },
        {
          "name": "HPSBUX02791",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
        },
        {
          "name": "DSA-2465",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2465"
        },
        {
          "name": "FEDORA-2012-6911",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=55500"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT100856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
            },
            {
              "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
            },
            {
              "name": "FEDORA-2012-6869",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=54374",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=54374"
            },
            {
              "name": "SUSE-SU-2012:0604",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=49683",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=49683"
            },
            {
              "name": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/",
              "refsource": "MISC",
              "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
            },
            {
              "name": "http://svn.php.net/viewvc?view=revision\u0026revision=321664",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
            },
            {
              "name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=48597",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=48597"
            },
            {
              "name": "SUSE-SU-2012:0598",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
            },
            {
              "name": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/",
              "refsource": "MISC",
              "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
            },
            {
              "name": "APPLE-SA-2012-09-19-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5501",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5501"
            },
            {
              "name": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf",
              "refsource": "MISC",
              "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.4.0",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
            },
            {
              "name": "FEDORA-2012-6907",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
            },
            {
              "name": "HPSBUX02791",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
            },
            {
              "name": "DSA-2465",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2465"
            },
            {
              "name": "FEDORA-2012-6911",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=55500",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=55500"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1172",
    "datePublished": "2012-05-24T00:00:00.000Z",
    "dateReserved": "2012-02-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:53:35.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-512

Vulnerability from certfr_avis - Published: 2012-09-21 - Updated: 2012-09-21

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire à distance au moyen de fichiers spécialement conçus.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Versions antérieures à OS X Lion v10.7.5.
	Apple	N/A	Versions antérieures à OS X Mountain Lion v10.8.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 19 Septembre 2012	None	vendor-advisory
Bulletin de sécurité Apple HT5501 du 19 Septembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Lion v10.7.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Mountain Lion v10.8.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3048"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-3716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3716"
    },
    {
      "name": "CVE-2012-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2688"
    },
    {
      "name": "CVE-2012-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1667"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-1173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2012-0671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0671"
    },
    {
      "name": "CVE-2012-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0650"
    },
    {
      "name": "CVE-2012-3719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3719"
    },
    {
      "name": "CVE-2012-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3721"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-0643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0643"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2012-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0652"
    },
    {
      "name": "CVE-2012-3722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3722"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-0668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0668"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2011-3026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3026"
    },
    {
      "name": "CVE-2012-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3718"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2012-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3720"
    },
    {
      "name": "CVE-2011-4313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4313"
    },
    {
      "name": "CVE-2012-2386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2386"
    },
    {
      "name": "CVE-2012-3723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3723"
    },
    {
      "name": "CVE-2012-0670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0670"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2011-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4599"
    }
  ],
  "initial_release_date": "2012-09-21T00:00:00",
  "last_revision_date": "2012-09-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5501 du 19 Septembre 2012 :",
      "url": "http://support.apple.com/kb/HT5501"
    }
  ],
  "reference": "CERTA-2012-AVI-512",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de\nfichiers sp\u00e9cialement con\u00e7us.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 19 Septembre 2012",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2014-11-13T00:00:00",
  "last_revision_date": "2014-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

CERTA-2012-AVI-244

Vulnerability from certfr_avis - Published: 2012-05-03 - Updated: 2012-05-03

Trois vulnérabilités ont été corrigées dans PHP. Deux d'entre-elles concernent les branches 5.3.x et 5.4.x. La dernière (CVE-2012-0831) ne concerne que la branche 5.3.x et corrige un problème lié à magic_quote_gpc lors du chargement de variables d'environnement, ce qui peut faciliter l'injection de requête SQL par un attaquant distant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP 5.3.x antérieure à 5.3.11;
	PHP	PHP	PHP 5.4.x antérieure à 5.4.1.

References

Title

Publication Time

Tags

Bulletin de sécurité PHP du 26 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5.3.x ant\u00e9rieure \u00e0 5.3.11;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 5.4.x ant\u00e9rieure \u00e0 5.4.1.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    }
  ],
  "initial_release_date": "2012-05-03T00:00:00",
  "last_revision_date": "2012-05-03T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eate SQL"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Deux d\u0027entre-elles concernent les branches\n5.3.x et 5.4.x. La derni\u00e8re (CVE-2012-0831) ne concerne que la branche\n5.3.x et corrige un probl\u00e8me li\u00e9 \u00e0 \u003cspan\nclass=\"textit\"\u003emagic_quote_gpc\u003c/span\u003e lors du chargement de variables\nd\u0027environnement, ce qui peut faciliter l\u0027injection de requ\u00eate SQL par un\nattaquant distant.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP du 26 avril 2012",
      "url": "http://www.php.net/archive/2012.php#id2012-04-26-1"
    }
  ]
}

GHSA-JPM9-86G2-J2GX

Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2025-04-11 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-1172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-24T00:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.",
  "id": "GHSA-jpm9-86g2-j2gx",
  "modified": "2025-04-11T03:57:51Z",
  "published": "2022-05-14T03:49:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1172"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=48597"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=49683"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=54374"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=55500"
    },
    {
      "type": "WEB",
      "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads"
    },
    {
      "type": "WEB",
      "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
    },
    {
      "type": "WEB",
      "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "type": "WEB",
      "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
    },
    {
      "type": "WEB",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2465"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2012-1172

Vulnerability from fstec - Published: 24.05.2012

Title

Уязвимость компонента rfc1867.c интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента rfc1867.c интерпретатора языка программирования PHP существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, PHP Group

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, PHP

Software Version

5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), до 5.3.10 включительно (PHP)

Possible Mitigations

Использование рекомендаций: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1172.xml Для Ubuntu: https://ubuntu.com/security/CVE-2012-1172 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2012-1172

Reference

https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://bugs.php.net/bug.php?id=55500 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664 https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=54374 http://www.php.net/ChangeLog-5.php#5.4.0 https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf https://bugs.php.net/bug.php?id=49683 http://openwall.com/lists/oss-security/2012/03/13/4 http://svn.php.net/viewvc?view=revision&revision=321664 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://www.debian.org/security/2012/dsa-2465 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), \u0434\u043e 5.3.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1172.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2012-1172\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2012-1172",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.05.2012",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02630",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-1172",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Canonical Ltd. Ubuntu 12.04 , Canonical Ltd. Ubuntu 11.10 , Canonical Ltd. Ubuntu 11.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Canonical Ltd. Ubuntu 8.04 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 rfc1867.c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 rfc1867.c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/\nhttps://bugs.php.net/bug.php?id=55500\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664\nhttps://bugs.php.net/bug.php?id=48597\nhttps://bugs.php.net/bug.php?id=54374\nhttp://www.php.net/ChangeLog-5.php#5.4.0\nhttps://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf\nhttps://bugs.php.net/bug.php?id=49683\nhttp://openwall.com/lists/oss-security/2012/03/13/4\nhttp://svn.php.net/viewvc?view=revision\u0026revision=321664\nhttp://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/\nhttp://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html\nhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\nhttp://support.apple.com/kb/HT5501\nhttp://www.debian.org/security/2012/dsa-2465\nhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html\nhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,8)"
}

GSD-2012-1172

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-1172

Aliases

CVE-2012-1172

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-1172",
    "description": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.",
    "id": "GSD-2012-1172",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-1172.html",
      "https://www.debian.org/security/2012/dsa-2465",
      "https://access.redhat.com/errata/RHSA-2012:1047",
      "https://access.redhat.com/errata/RHSA-2012:1046",
      "https://access.redhat.com/errata/RHSA-2012:1045",
      "https://linux.oracle.com/cve/CVE-2012-1172.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-1172"
      ],
      "details": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.",
      "id": "GSD-2012-1172",
      "modified": "2023-12-13T01:20:18.244552Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-1172",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SSRT100856",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
          },
          {
            "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664",
            "refsource": "CONFIRM",
            "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
          },
          {
            "name": "FEDORA-2012-6869",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=54374",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=54374"
          },
          {
            "name": "SUSE-SU-2012:0604",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=49683",
            "refsource": "MISC",
            "url": "https://bugs.php.net/bug.php?id=49683"
          },
          {
            "name": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/",
            "refsource": "MISC",
            "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
          },
          {
            "name": "http://svn.php.net/viewvc?view=revision\u0026revision=321664",
            "refsource": "CONFIRM",
            "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
          },
          {
            "name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=48597",
            "refsource": "MISC",
            "url": "https://bugs.php.net/bug.php?id=48597"
          },
          {
            "name": "SUSE-SU-2012:0598",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
          },
          {
            "name": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/",
            "refsource": "MISC",
            "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
          },
          {
            "name": "APPLE-SA-2012-09-19-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5501",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5501"
          },
          {
            "name": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf",
            "refsource": "MISC",
            "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
          },
          {
            "name": "http://www.php.net/ChangeLog-5.php#5.4.0",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
          },
          {
            "name": "FEDORA-2012-6907",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
          },
          {
            "name": "HPSBUX02791",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
          },
          {
            "name": "DSA-2465",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2465"
          },
          {
            "name": "FEDORA-2012-6911",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=55500",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=55500"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1172"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=55500",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.php.net/bug.php?id=55500"
            },
            {
              "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=48597",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://bugs.php.net/bug.php?id=48597"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=54374",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://bugs.php.net/bug.php?id=54374"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.4.0",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
            },
            {
              "name": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=49683",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.php.net/bug.php?id=49683"
            },
            {
              "name": "[oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
            },
            {
              "name": "http://svn.php.net/viewvc?view=revision\u0026revision=321664",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
            },
            {
              "name": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
            },
            {
              "name": "SSRT100856",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
            },
            {
              "name": "FEDORA-2012-6869",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
            },
            {
              "name": "FEDORA-2012-6907",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
            },
            {
              "name": "FEDORA-2012-6911",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
            },
            {
              "name": "APPLE-SA-2012-09-19-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5501",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5501"
            },
            {
              "name": "DSA-2465",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2465"
            },
            {
              "name": "SUSE-SU-2012:0604",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
            },
            {
              "name": "SUSE-SU-2012:0598",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-01-18T02:29Z",
      "publishedDate": "2012-05-24T00:55Z"
    }
  }
}

FKIE_CVE-2012-1172

Vulnerability from fkie_nvd - Published: 2012-05-24 00:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/	Exploit
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=134012830914727&w=2
secalert@redhat.com	http://openwall.com/lists/oss-security/2012/03/13/4
secalert@redhat.com	http://support.apple.com/kb/HT5501
secalert@redhat.com	http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664	Patch
secalert@redhat.com	http://svn.php.net/viewvc?view=revision&revision=321664
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2465
secalert@redhat.com	http://www.php.net/ChangeLog-5.php#5.4.0
secalert@redhat.com	https://bugs.php.net/bug.php?id=48597	Exploit
secalert@redhat.com	https://bugs.php.net/bug.php?id=49683
secalert@redhat.com	https://bugs.php.net/bug.php?id=54374	Exploit
secalert@redhat.com	https://bugs.php.net/bug.php?id=55500
secalert@redhat.com	https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/	Exploit
secalert@redhat.com	https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=134012830914727&w=2
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2012/03/13/4
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5501
af854a3a-2127-422b-91ae-364da2661108	http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664	Patch
af854a3a-2127-422b-91ae-364da2661108	http://svn.php.net/viewvc?view=revision&revision=321664
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2465
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php#5.4.0
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=48597	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=49683
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=54374	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=55500
af854a3a-2127-422b-91ae-364da2661108	https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf	Exploit

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6
php	php	5.2.7
php	php	5.2.8
php	php	5.2.9
php	php	5.2.10
php	php	5.2.11
php	php	5.2.12
php	php	5.2.13
php	php	5.2.14
php	php	5.2.15
php	php	5.2.16
php	php	5.2.17
php	php	5.3.0
php	php	5.3.1
php	php	5.3.2
php	php	5.3.3
php	php	5.3.4
php	php	5.3.5
php	php	5.3.6
php	php	5.3.7
php	php	5.3.8
php	php	5.3.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EAC47-405C-4AA9-AC96-D3D750029AD0",
              "versionEndIncluding": "5.3.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D48A71-B84E-4B6C-9603-B3373052E568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAB7D55-F155-43F9-A563-F2E35CFFEF26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "72243A3F-6BFD-472B-9EA4-82BE4253ED27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E415CC22-09CA-47D2-9F1A-0BCA8960835B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n de carga de archivos en rfc1867.c en PHP anterior a v5.4.0 no maneja correctamente caracteres v\u00e1lidos [(corchete abierto) en los valores de nombre, lo que hace que sea m\u00e1s f\u00e1cil para  atacantes remotos causar una denegaci\u00f3n de servicio ( indices $ _FILES malformados) o llevar a cabo ataques transversales de directorio durante la carga de archivos aprovech\u00e1ndose de un script que carece de las restricciones de nombre del propio fichero.\r\n"
    }
  ],
  "id": "CVE-2012-1172",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-24T00:55:02.507",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=48597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.php.net/bug.php?id=49683"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=54374"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.php.net/bug.php?id=55500"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=48597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.php.net/bug.php?id=49683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=54374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.php.net/bug.php?id=55500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-1172 (GCVE-0-2012-1172)

CERTA-2012-AVI-512

Solution

CERTFR-2014-AVI-480

Solution

CERTA-2012-AVI-244

Solution

GHSA-JPM9-86G2-J2GX

CVE-2012-1172

GSD-2012-1172

FKIE_CVE-2012-1172

Tags

Sightings

Nomenclature