CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.2%
PHP development team reports:
Security Enhancements and Fixes in PHP 5.3.7:
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz
Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability
in RFC1867 File upload filename). Reported by Krzysztof
Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect().
(CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)