Lucene search
HistoryFeb 15, 2014 - 2:57 p.m.
CVE-2012-1171
cve-2012-1171
libxml
rshutdown
php 5.x
remote attackers
open_basedir
protection mechanism
arbitrary files
stream_close
custom stream wrapper
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.1%
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Affected configurations
Node
phpphpMatch5.0.0
ORphpphpMatch5.0.0beta1
ORphpphpMatch5.0.0beta2
ORphpphpMatch5.0.0beta3
ORphpphpMatch5.0.0beta4
ORphpphpMatch5.0.0rc1
ORphpphpMatch5.0.0rc2
ORphpphpMatch5.0.0rc3
ORphpphpMatch5.0.1
ORphpphpMatch5.0.2
ORphpphpMatch5.0.3
ORphpphpMatch5.0.4
ORphpphpMatch5.0.5
ORphpphpMatch5.1.0
ORphpphpMatch5.1.1
ORphpphpMatch5.1.2
ORphpphpMatch5.1.3
ORphpphpMatch5.1.4
ORphpphpMatch5.1.5
ORphpphpMatch5.1.6
ORphpphpMatch5.2.0
ORphpphpMatch5.2.1
ORphpphpMatch5.2.2
ORphpphpMatch5.2.3
ORphpphpMatch5.2.4
ORphpphpMatch5.2.5
ORphpphpMatch5.2.6
ORphpphpMatch5.2.7
ORphpphpMatch5.2.8
ORphpphpMatch5.2.9
ORphpphpMatch5.2.10
ORphpphpMatch5.2.11
ORphpphpMatch5.2.12
ORphpphpMatch5.2.13
ORphpphpMatch5.2.14
ORphpphpMatch5.2.15
ORphpphpMatch5.2.16
ORphpphpMatch5.2.17
ORphpphpMatch5.3.0
ORphpphpMatch5.3.1
ORphpphpMatch5.3.2
ORphpphpMatch5.3.3
ORphpphpMatch5.3.4
ORphpphpMatch5.3.5
ORphpphpMatch5.3.6
ORphpphpMatch5.3.7
ORphpphpMatch5.3.8
ORphpphpMatch5.3.9
ORphpphpMatch5.3.10
ORphpphpMatch5.3.11
ORphpphpMatch5.3.12
ORphpphpMatch5.3.13
ORphpphpMatch5.3.14
ORphpphpMatch5.3.15
ORphpphpMatch5.3.16
ORphpphpMatch5.3.17
ORphpphpMatch5.3.18
ORphpphpMatch5.3.19
ORphpphpMatch5.3.20
ORphpphpMatch5.3.21
ORphpphpMatch5.3.22
ORphpphpMatch5.3.23
ORphpphpMatch5.3.24
ORphpphpMatch5.3.25
ORphpphpMatch5.3.26
ORphpphpMatch5.3.27
ORphpphpMatch5.4.0
ORphpphpMatch5.4.1
ORphpphpMatch5.4.2
ORphpphpMatch5.4.3
ORphpphpMatch5.4.4
ORphpphpMatch5.4.5
ORphpphpMatch5.4.6
ORphpphpMatch5.4.7
ORphpphpMatch5.4.8
ORphpphpMatch5.4.9
ORphpphpMatch5.4.10
ORphpphpMatch5.4.11
ORphpphpMatch5.4.12
ORphpphpMatch5.4.12rc1
ORphpphpMatch5.4.12rc2
ORphpphpMatch5.4.13
ORphpphpMatch5.4.13rc1
ORphpphpMatch5.4.14
ORphpphpMatch5.4.14rc1
ORphpphpMatch5.4.15rc1
ORphpphpMatch5.4.16rc1
ORphpphpMatch5.4.17
ORphpphpMatch5.4.18
ORphpphpMatch5.4.19
ORphpphpMatch5.4.20
ORphpphpMatch5.4.21
ORphpphpMatch5.4.22
ORphpphpMatch5.4.23
ORphpphpMatch5.5.0alpha1
ORphpphpMatch5.5.0alpha2
ORphpphpMatch5.5.0alpha3
ORphpphpMatch5.5.0alpha4
ORphpphpMatch5.5.0alpha5
ORphpphpMatch5.5.0alpha6
ORphpphpMatch5.5.0beta1
ORphpphpMatch5.5.0beta2
ORphpphpMatch5.5.0beta3
ORphpphpMatch5.5.0beta4
ORphpphpMatch5.5.0rc1
ORphpphpMatch5.5.0rc2
ORphpphpMatch5.5.1
ORphpphpMatch5.5.2
ORphpphpMatch5.5.3
ORphpphpMatch5.5.4
ORphpphpMatch5.5.5
ORphpphpMatch5.5.6
Related
cvelist
cvelist
CVE-2012-1171
2014-02-15 11:00:00
nvd
nvd
CVE-2012-1171
2014-02-15 14:57:07
openvas
openvas
PHP 'open_basedir' Security Bypass Vulnerability
2014-02-19 00:00:00
prion
prion
Design/Logic Flaw
2014-02-15 14:57:00
f5
f5
SOL15635 - PHP 5.x vulnerability - CVE-2012-1171
2014-09-29 00:00:00
K15635 : PHP 5.x vulnerability - CVE-2012-1171
2014-09-29 00:00:00
seebug
seebug
PHP libxml RSHUTDOWN安全限制绕过漏洞(CVE-2012-1171)
2014-02-21 00:00:00
nessus
nessus
PHP PHP_RSHUTDOWN_FUNCTION Security Bypass
2014-04-01 00:00:00
ubuntucve
ubuntucve
CVE-2012-1171
2014-02-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.1%
Related for CVE-2012-1171