CVE-2012-1172 - Improper Input Validation vulnerability in PHP

CVSS: 5.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, php, CWE-20, nessus

Summary

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

Vulnerable Configurations

Part         Description  Count
Application  Php          436

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: CGI abuses
    NASL id: PHP_5_4_1.NASL
    description: According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected by multiple vulnerabilities : - The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58967
    published: 2012-05-02
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58967
    title: PHP 5.4.x < 5.4.1 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58967);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/24 18:56:10");
    
      script_cve_id("CVE-2012-1172", "CVE-2012-4388");
      script_bugtraq_id(53403, 55527);
    
      script_name(english:"PHP 5.4.x < 5.4.1 Multiple Vulnerabilities");
      script_summary(english:"Checks version of PHP");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its banner, the version of PHP installed on the remote
    host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected
    by multiple vulnerabilities :
    
      - The '$_FILES' variable can be corrupted because the
        names of uploaded files are not properly validated.
        (CVE-2012-1172)
    
      - The 'open_basedir' directive is not properly handled by
        the functions 'readline_write_history' and
        'readline_read_history'.
    
      - It's possible to bypass an HTTP response-splitting
        protection because the 'sapi_header_op()' function in 
        main/SAPI.c does not properly determine a pointer during
        checks for encoded carriage return characters. (Bug 
        #60227 / CVE-2012-4388)"
      );
      # https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e81d4026");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=54374");
      script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=60227");
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/archive/2012.php#id2012-04-26-1");
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.4.1");
      script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.4.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/02");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("php_version.nasl");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP");
      exit(0);
    }
    
    include("global_settings.inc");
    include("audit.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    if (version =~ "^5\.4\.0($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source     : '+source +
          '\n  Installed version  : '+version+
          '\n  Fixed version      : 5.4.1\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_APACHE2-MOD_PHP5-8114.NASL
    description: This update fixes several security issues in PHP5 : - A directory traversal bug has been fixed in php5. (CVE-2012-1172) - A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal Apache module mode setup. (CVE-2012-1823 / CVE-2012-2311) - Also a pack/unpacking bug on big endian 64bit architectures (ppc64 and s390x) has been fixed. bnc#753778
    last seen: 2020-06-05
    modified: 2012-05-09
    plugin id: 59053
    published: 2012-05-09
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59053
    title: SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120627_PHP_ON_SL6_X.NASL
    description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61358
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61358
    title: Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1047.NASL
    description: Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59753
    published: 2012-06-28
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59753
    title: RHEL 5 : php53 (RHSA-2012:1047)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-065.NASL
    description: Multiple vulnerabilities have been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages have been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions have been upgraded to their latest respective versions which resolves various upstream bugs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58890
    published: 2012-04-27
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58890
    title: Mandriva Linux Security Advisory : php (MDVSA-2012:065)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-1045.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59738
    published: 2012-06-28
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59738
    title: CentOS 5 : php (CESA-2012:1045)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6907.NASL
    description: Upstream Security Enhancements : - Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). - Add open_basedir checks to readline_write_history and readline_read_history. - Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 RPM changes : - php-fpm: add comment about security.limit_extensions in provided conf - php-fpm: add /etc/sysconfig/php-fpm environment file - php-common provides zip extension, as in previous fedora version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-07
    plugin id: 59007
    published: 2012-05-07
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59007
    title: Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1045.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59751
    published: 2012-06-28
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59751
    title: RHEL 5 : php (RHSA-2012:1045)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120627_PHP53_ON_SL5_X.NASL
    description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61356
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61356
    title: Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-1046.NASL
    description: From Red Hat Security Advisory 2012:1046 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68570
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68570
    title: Oracle Linux 6 : php (ELSA-2012-1046)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-1047.NASL
    description: Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67089
    published: 2013-06-29
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67089
    title: CentOS 5 : php53 (CESA-2012:1047)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120627_PHP_ON_SL5_X.NASL
    description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61357
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61357
    title: Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP53-120504.NASL
    description: This update fixes several security issues in PHP5 : - A directory traversal bug has been fixed in PHP5. (CVE-2012-1172) - A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal Apache module mode setup. (CVE-2012-1823 / CVE-2012-2311)
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64103
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64103
    title: SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6251)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL14574.NASL
    description: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78152
    published: 2014-10-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78152
    title: F5 Networks BIG-IP : PHP vulnerability (SOL14574)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-1045.NASL
    description: From Red Hat Security Advisory 2012:1045 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68569
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68569
    title: Oracle Linux 5 : php (ELSA-2012-1045)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201209-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62236
    published: 2012-09-24
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62236
    title: GLSA-201209-03 : PHP: Multiple vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1481-1.NASL
    description: It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781) It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. (CVE-2012-1172) Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. (CVE-2012-2143) It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317) It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server, or to perform a denial of service. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2335, CVE-2012-2336) Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. A remote attacker could use this flaw to perform a denial of service, or possibly execute arbitrary code. (CVE-2012-2386). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59603
    published: 2012-06-20
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59603
    title: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1046.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59752
    published: 2012-06-28
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59752
    title: RHEL 6 : php (RHSA-2012:1046)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-1047.NASL
    description: From Red Hat Security Advisory 2012:1047 : Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68571
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68571
    title: Oracle Linux 5 : php53 (ELSA-2012-1047)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_8_2.NASL
    description: The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.2. The newer version contains multiple security-related fixes for the following components : - BIND - Data Security - LoginWindow - Mobile Accounts - PHP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62215
    published: 2012-09-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62215
    title: Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-1046.NASL
    description: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59938
    published: 2012-07-11
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59938
    title: CentOS 6 : php (CESA-2012:1046)
  • NASL family: CGI abuses
    NASL id: PHP_5_3_11.NASL
    description: According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities : - During the import of environment variables, temporary changes to the
    last seen: 2020-04-30
    modified: 2012-05-02
    plugin id: 58966
    published: 2012-05-02
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58966
    title: PHP < 5.3.11 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2012-004.NASL
    description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62213
    published: 2012-09-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62213
    title: Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2465.NASL
    description: De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing to execute arbitrary code. Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices.
    last seen: 2020-03-17
    modified: 2012-05-10
    plugin id: 59059
    published: 2012-05-10
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59059
    title: Debian DSA-2465-1 : php5 - several vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6869.NASL
    description: Upstream Security Enhancements : - Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). - Add open_basedir checks to readline_write_history and readline_read_history. Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-07
    plugin id: 59006
    published: 2012-05-07
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59006
    title: Fedora 17 : maniadrive-1.2-38.fc17 / php-5.4.1-1.fc17 (2012-6869)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_APACHE2-MOD_PHP5-120504.NASL
    description: This update fixes several security issues in PHP5 : - A directory traversal bug has been fixed in PHP5. (CVE-2012-1172) - A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal apache module mode setup. (CVE-2012-1823 / CVE-2012-2311) - Also a pack/unpacking bug on big endian 64bit architectures (ppc64 and s390x) has been fixed. (bnc#753778)
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64099
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64099
    title: SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6252)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-244.NASL
    description: Scripts that accept multiple file uploads in a single request were potentially vulnerable to a directory traversal attack
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74607
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74607
    title: openSUSE Security Update : php5 (openSUSE-SU-2012:0551-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_2CDE1892913E11E1B44C001FD0AF1A4C.NASL
    description: php development team reports : Security Enhancements for both PHP 5.3.11 and PHP 5.4.1 : - Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172) - Add open_basedir checks to readline_write_history and readline_read_history. Security Enhancements for both PHP 5.3.11 only : - Regression in magic_quotes_gpc fix for CVE-2012-0831.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58938
    published: 2012-05-01
    reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58938
    title: FreeBSD : php -- multiple vulnerabilities (2cde1892-913e-11e1-b44c-001fd0af1a4c)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6911.NASL
    description: Upstream Security Enhancements : - Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). - Add open_basedir checks to readline_write_history and readline_read_history. - Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1 RPM changes : - php-fpm: add comment about security.limit_extensions in provided conf - php-fpm: add /etc/sysconfig/php-fpm environment file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-07
    plugin id: 59008
    published: 2012-05-07
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59008
    title: Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_7_5.NASL
    description: The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62214
    published: 2012-09-20
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62214
    title: Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)

Redhat

rpms
  • php-0:5.1.6-39.el5_8
  • php-bcmath-0:5.1.6-39.el5_8
  • php-cli-0:5.1.6-39.el5_8
  • php-common-0:5.1.6-39.el5_8
  • php-dba-0:5.1.6-39.el5_8
  • php-debuginfo-0:5.1.6-39.el5_8
  • php-devel-0:5.1.6-39.el5_8
  • php-gd-0:5.1.6-39.el5_8
  • php-imap-0:5.1.6-39.el5_8
  • php-ldap-0:5.1.6-39.el5_8
  • php-mbstring-0:5.1.6-39.el5_8
  • php-mysql-0:5.1.6-39.el5_8
  • php-ncurses-0:5.1.6-39.el5_8
  • php-odbc-0:5.1.6-39.el5_8
  • php-pdo-0:5.1.6-39.el5_8
  • php-pgsql-0:5.1.6-39.el5_8
  • php-snmp-0:5.1.6-39.el5_8
  • php-soap-0:5.1.6-39.el5_8
  • php-xml-0:5.1.6-39.el5_8
  • php-xmlrpc-0:5.1.6-39.el5_8
  • php-0:5.3.3-14.el6_3
  • php-bcmath-0:5.3.3-14.el6_3
  • php-cli-0:5.3.3-14.el6_3
  • php-common-0:5.3.3-14.el6_3
  • php-dba-0:5.3.3-14.el6_3
  • php-debuginfo-0:5.3.3-14.el6_3
  • php-devel-0:5.3.3-14.el6_3
  • php-embedded-0:5.3.3-14.el6_3
  • php-enchant-0:5.3.3-14.el6_3
  • php-gd-0:5.3.3-14.el6_3
  • php-imap-0:5.3.3-14.el6_3
  • php-intl-0:5.3.3-14.el6_3
  • php-ldap-0:5.3.3-14.el6_3
  • php-mbstring-0:5.3.3-14.el6_3
  • php-mysql-0:5.3.3-14.el6_3
  • php-odbc-0:5.3.3-14.el6_3
  • php-pdo-0:5.3.3-14.el6_3
  • php-pgsql-0:5.3.3-14.el6_3
  • php-process-0:5.3.3-14.el6_3
  • php-pspell-0:5.3.3-14.el6_3
  • php-recode-0:5.3.3-14.el6_3
  • php-snmp-0:5.3.3-14.el6_3
  • php-soap-0:5.3.3-14.el6_3
  • php-tidy-0:5.3.3-14.el6_3
  • php-xml-0:5.3.3-14.el6_3
  • php-xmlrpc-0:5.3.3-14.el6_3
  • php-zts-0:5.3.3-14.el6_3
  • php53-0:5.3.3-13.el5_8
  • php53-bcmath-0:5.3.3-13.el5_8
  • php53-cli-0:5.3.3-13.el5_8
  • php53-common-0:5.3.3-13.el5_8
  • php53-dba-0:5.3.3-13.el5_8
  • php53-debuginfo-0:5.3.3-13.el5_8
  • php53-devel-0:5.3.3-13.el5_8
  • php53-gd-0:5.3.3-13.el5_8
  • php53-imap-0:5.3.3-13.el5_8
  • php53-intl-0:5.3.3-13.el5_8
  • php53-ldap-0:5.3.3-13.el5_8
  • php53-mbstring-0:5.3.3-13.el5_8
  • php53-mysql-0:5.3.3-13.el5_8
  • php53-odbc-0:5.3.3-13.el5_8
  • php53-pdo-0:5.3.3-13.el5_8
  • php53-pgsql-0:5.3.3-13.el5_8
  • php53-process-0:5.3.3-13.el5_8
  • php53-pspell-0:5.3.3-13.el5_8
  • php53-snmp-0:5.3.3-13.el5_8
  • php53-soap-0:5.3.3-13.el5_8
  • php53-xml-0:5.3.3-13.el5_8
  • php53-xmlrpc-0:5.3.3-13.el5_8

Seebug

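bulletinFamily: exploit
description: BUGTRAQ ID: 53403 CVE ID: CVE-2012-1172 PHP is an HTML-embedded language. It is quite similar to Microsoft's ASP: both are scripting languages embedded in HTML documents and executed on the server side. Its style resembles that of C, and it is now widely used by many web developers. The PHP implementation contains a directory traversal vulnerability; a remote attacker can use a specially crafted request containing directory traversal sequences to retrieve, corrupt, or upload arbitrary files at arbitrary locations. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.php.net
id: SSV:60103
last seen: 2017-11-19
modified: 2012-05-09
published: 2012-05-09
reporter: Root
title: PHP 5.3.x Directory Traversal Vulnerability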