Lucene search

K

RedhatCVELIST:CVE-2012-0807

HistoryJan 27, 2012 - 12:00 a.m.

CVE-2012-0807

2012-01-2700:00:00

redhat

www.cve.org

1

7.7 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

References

archives.neohapsis.com/archives/fulldisclosure/2012-01/0296.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

secunia.com/advisories/48668

www.openwall.com/lists/oss-security/2012/01/24/11

www.openwall.com/lists/oss-security/2012/01/24/7

bugzilla.redhat.com/show_bug.cgi?id=783350

github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa

7.7 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Related for CVELIST:CVE-2012-0807

cve1 nvd1 ubuntucve1 prion1 suse5 openvas8 nessus6 securityvulns2 gentoo1