Lucene search

K
freebsdFreeBSD60DE13D5-95F0-11E1-806A-001143CD36D8
HistoryMay 03, 2012 - 12:00 a.m.

php -- vulnerability in certain CGI-based setups

2012-05-0300:00:00
vuxml.freebsd.org
36

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.915

Percentile

98.9%

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

Initial fix for cgi-bin ?-s cmdarg parse issue
(CVE-2012-1823)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphp5<Β 5.4.2UNKNOWN
FreeBSDanynoarchphp53<Β 5.3.12UNKNOWN
FreeBSDanynoarchphp4<Β 4.4.10UNKNOWN
FreeBSDanynoarchphp52<Β 5.2.17_8UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.915

Percentile

98.9%