fkie_cve-2012-1172
Vulnerability from fkie_nvd
Published
2012-05-24 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
References
secalert@redhat.comhttp://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/Exploit
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134012830914727&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134012830914727&w=2
secalert@redhat.comhttp://openwall.com/lists/oss-security/2012/03/13/4
secalert@redhat.comhttp://support.apple.com/kb/HT5501
secalert@redhat.comhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664Patch
secalert@redhat.comhttp://svn.php.net/viewvc?view=revision&revision=321664
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2465
secalert@redhat.comhttp://www.php.net/ChangeLog-5.php#5.4.0
secalert@redhat.comhttps://bugs.php.net/bug.php?id=48597Exploit
secalert@redhat.comhttps://bugs.php.net/bug.php?id=49683
secalert@redhat.comhttps://bugs.php.net/bug.php?id=54374Exploit
secalert@redhat.comhttps://bugs.php.net/bug.php?id=55500
secalert@redhat.comhttps://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/Exploit
secalert@redhat.comhttps://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdfExploit
af854a3a-2127-422b-91ae-364da2661108http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/Exploit
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134012830914727&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134012830914727&w=2
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2012/03/13/4
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5501
af854a3a-2127-422b-91ae-364da2661108http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.php.net/viewvc?view=revision&revision=321664
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2465
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-5.php#5.4.0
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=48597Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=49683
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=54374Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=55500
af854a3a-2127-422b-91ae-364da2661108https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/Exploit
af854a3a-2127-422b-91ae-364da2661108https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdfExploit
Impacted products
Vendor Product Version
php php *
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.1
php php 5.0.2
php php 5.0.3
php php 5.0.4
php php 5.0.5
php php 5.1.0
php php 5.1.1
php php 5.1.2
php php 5.1.3
php php 5.1.4
php php 5.1.5
php php 5.1.6
php php 5.2.0
php php 5.2.1
php php 5.2.2
php php 5.2.3
php php 5.2.4
php php 5.2.5
php php 5.2.6
php php 5.2.7
php php 5.2.8
php php 5.2.9
php php 5.2.10
php php 5.2.11
php php 5.2.12
php php 5.2.13
php php 5.2.14
php php 5.2.15
php php 5.2.16
php php 5.2.17
php php 5.3.0
php php 5.3.1
php php 5.3.2
php php 5.3.3
php php 5.3.4
php php 5.3.5
php php 5.3.6
php php 5.3.7
php php 5.3.8
php php 5.3.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EAC47-405C-4AA9-AC96-D3D750029AD0",
              "versionEndIncluding": "5.3.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D48A71-B84E-4B6C-9603-B3373052E568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAB7D55-F155-43F9-A563-F2E35CFFEF26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "72243A3F-6BFD-472B-9EA4-82BE4253ED27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E415CC22-09CA-47D2-9F1A-0BCA8960835B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n de carga de archivos en rfc1867.c en PHP anterior a v5.4.0 no maneja correctamente caracteres v\u00e1lidos [(corchete abierto) en los valores de nombre, lo que hace que sea m\u00e1s f\u00e1cil para  atacantes remotos causar una denegaci\u00f3n de servicio ( indices $ _FILES malformados) o llevar a cabo ataques transversales de directorio durante la carga de archivos aprovech\u00e1ndose de un script que carece de las restricciones de nombre del propio fichero.\r\n"
    }
  ],
  "id": "CVE-2012-1172",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-24T00:55:02.507",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=48597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.php.net/bug.php?id=49683"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=54374"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.php.net/bug.php?id=55500"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2012/03/13/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664\u0026r2=321663\u0026pathrev=321664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.4.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=48597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.php.net/bug.php?id=49683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=54374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.php.net/bug.php?id=55500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…