SOL14574 - PHP vulnerability CVE-2012-1172

2013-08-0700:00:00

support.f5.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.035 Low

EPSS

Percentile

90.5%

JSON

PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products:

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. (CVE-2012-1172)

CPENameOperatorVersion
big-ip apmle11.2.1
enterprise managerle3.0.0
big-ip webacceleratorle9.4.8
big-ip womle11.2.1
big-ip psmle9.4.8
big-ip gtmle9.4.8
big-ip asmle9.4.8
big-ip edge gateway
le11.2.1
big-ip analyticsle11.2.1
big-ip link controllerle9.4.8

Name	Operator	Version
big-ip apm	le	11.2.1
enterprise manager	le	3.0.0
big-ip webaccelerator	le	9.4.8
big-ip wom	le	11.2.1
big-ip psm	le	9.4.8
big-ip gtm	le	9.4.8
big-ip asm	le	9.4.8
big-ip edge gateway	le	11.2.1
big-ip analytics	le	11.2.1
big-ip link controller	le	9.4.8