PHP versions prior to 5.3.10 are reportedly affected by a code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) itself has introduced a remote code execution vulnerability in the php_register_variable_ex() in the file ‘php_variables.c’. A new configuration variable, ‘max_input_vars’, was added as part of the fix. If the number of input variables exceeds this value and the variable being processed is an array, code execution can occur.

Binary data 6304.prm

VendorProductVersionCPE
phpphpcpe:/a:php:php

Vendor	Product	Version	CPE
php	php		cpe:/a:php:php

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

packetstormsecurity.com/files/cve/CVE-2012-0830

www.php.net/ChangeLog-5.php#5.3.10

gist.github.com/1725489

seebug 5

packetstorm 2

prion 2

veracode 2

nessus 46

checkpoint_advisories 1

f5 4

exploitpack 2

cve 2

ubuntucve 2

exploitdb 2

openvas 82

fedora 12

redhat 5

centos 5

freebsd 1

amazon 2

oraclelinux 4

securityvulns 6

cert 1

debian 2

osv 1

ubuntu 2

suse 4

gentoo 1

oracle 1

seebug

PHP Hashtables Denial of Service

2014-07-01 00:00:00

PHP Web表单哈希冲突拒绝服务漏洞

2012-01-01 00:00:00

PHP "php_register_variable_ex()"函数任意代码执行漏洞(CVE-2012-0830)

2012-02-03 00:00:00

packetstorm

PHP 5.3.x Hash Collision Proof Of Concept Code

2012-01-02 00:00:00

PHP 5.3.x Hashtables Proof Of Concept

2012-01-01 00:00:00

prion

Code injection

2011-12-30 01:55:00

Design/Logic Flaw

2012-02-06 20:55:00

veracode

Denial Of Service (DoS)

2020-04-10 01:06:05

Remote Code Execution (RCE)

2020-04-10 01:10:12

nessus

F5 Networks BIG-IP : PHP vulnerability (K13588)

2014-10-10 00:00:00

PHP 5.3.9 php_register_variable_ex() Code Execution

2012-02-06 00:00:00

Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111)

2012-08-01 00:00:00

checkpoint_advisories

PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)

2014-03-03 00:00:00

K13588 : PHP vulnerability CVE-2011-4885

2013-09-11 00:00:00

SOL13588 - PHP vulnerability CVE-2011-4885

2012-05-17 00:00:00

K13519 : Multiple PHP vulnerabilities

2013-09-20 00:00:00

exploitpack

PHP 5.3.8 - Hashtables Denial of Service

2012-01-01 00:00:00

PHP Hash Table Collision - Denial of Service (PoC)

2012-01-03 00:00:00

cve

CVE-2011-4885

2011-12-30 01:55:00

CVE-2012-0830

2012-02-06 20:55:00

ubuntucve

CVE-2011-4885

2011-12-29 00:00:00

CVE-2012-0830

2012-02-06 00:00:00

exploitdb

PHP 5.3.8 - Hashtables Denial of Service

2012-01-01 00:00:00

PHP Hash Table Collision - Denial of Service (PoC)

2012-01-03 00:00:00

openvas

Fedora Update for php-eaccelerator FEDORA-2012-0504

2012-03-19 00:00:00

Fedora Update for php FEDORA-2012-0420

2012-02-01 00:00:00

Fedora Update for maniadrive FEDORA-2012-0420

2012-02-01 00:00:00

fedora

[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.2

2012-02-14 09:05:18

[SECURITY] Fedora 16 Update: php-5.3.10-1.fc16

2012-02-08 22:56:30

[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.1

2012-01-19 22:00:25

redhat

(RHSA-2012:0093) Critical: php security update

2012-02-02 00:00:00

(RHSA-2012:0092) Critical: php53 security update

2012-02-02 00:00:00

(RHSA-2012:0019) Moderate: php53 and php security update

2012-01-11 00:00:00

centos

php, php53 security update

2012-01-11 19:19:36

php53 security update

2012-02-03 01:43:26

php security update

2012-02-03 01:41:17

freebsd

php -- multiple vulnerabilities

2011-12-29 00:00:00

amazon

Critical: php

2012-02-02 16:10:00

Medium: php

2012-01-19 20:10:00

oraclelinux

php53 and php security update

2012-01-11 00:00:00

php security update

2012-01-30 00:00:00

php security update

2012-01-18 00:00:00

securityvulns

PHP security vulnerabilities

2012-02-08 00:00:00

[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision

2012-01-02 00:00:00

[ MDVSA-2012:065 ] php

2012-05-01 00:00:00

cert

Hash table implementations vulnerable to algorithmic complexity attacks

2011-12-28 00:00:00

debian

[SECURITY] [DSA 2399-2] php5 regression fix

2012-01-31 15:26:47

[SECURITY] [DSA 2399-1] php5 security update

2012-01-31 07:22:58

osv

php5 - several

2012-01-31 00:00:00

ubuntu

PHP regression

2012-02-13 00:00:00

PHP vulnerabilities

2012-02-10 00:00:00

suse

Security update for PHP5 (important)

2012-03-24 03:08:28

update for php5 (important)

2012-03-29 15:08:14

Security update for PHP5 (important)

2012-04-12 23:08:15

gentoo

PHP: Multiple vulnerabilities

2012-09-24 00:00:00

oracle

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 6304.PRM