Lucene search

K
f5F5SOL14574
HistoryAug 07, 2013 - 12:00 a.m.

SOL14574 - PHP vulnerability CVE-2012-1172

2013-08-0700:00:00
support.f5.com
53

EPSS

0.025

Percentile

90.1%

PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products:

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. (CVE-2012-1172)