Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2012-2317
HistoryAug 07, 2012 - 7:00 p.m.

CVE-2012-2317

2012-08-0719:00:00
redhat
www.cve.org
8
debian
php 5.3.x
authentication bypass

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.

Related

cve 1
prion 1
nvd 1
ubuntucve 1
ubuntu 1
openvas 2
nessus 1
cve
cve
CVE-2012-2317
2012-08-07 19:55:01
prion
prion
Authentication flaw
2012-08-07 19:55:00
nvd
nvd
CVE-2012-2317
2012-08-07 19:55:01
ubuntucve
ubuntucve
CVE-2012-2317
2012-05-14 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2012-06-19 00:00:00
openvas
openvas
Ubuntu Update for php5 USN-1481-1
2012-06-22 00:00:00
Ubuntu: Security Advisory (USN-1481-1)
2012-06-22 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1)
2012-06-20 00:00:00

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON
Related for CVELIST:CVE-2012-2317
cve1prion1nvd1ubuntucve1ubuntu1openvas2nessus1