FreeBSD: 39A25A63-EB5C-11DE-B650-00215C6A37BB
Dec 17, 2009 - 12:00 a.m.

php -- multiple vulnerabilities

2009-12-17 00:00:00
vuxml.freebsd.org

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.054 Low
Percentile: 93.0%

PHP developers report:

This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

OS       Version  Architecture  Package  Version   Filename
FreeBSD  any      noarch        php5     < 5.2.12  UNKNOWN
