{"result": {"cve": [{"id": "CVE-2012-0830", "type": "cve", "title": "CVE-2012-0830", "description": "The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.", "published": "2012-02-06T15:55:03", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0830", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-01-09T15:22:28"}], "seebug": [{"id": "SSV:30071", "type": "seebug", "title": "PHP "php_register_variable_ex()"\u51fd\u6570\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2012-0830)", "description": "CVE-2012-0830\r\n\r\nPhp\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u7f16\u7a0b\u8bed\u8a00\r\n\r\nPHP\u572812\u6708\u4e3a\u54c8\u5e0c\u78b0\u649e\u62d2\u7edd\u670d\u52a1(CVE-2011-4885)(http://sebug.net/vuldb/ssvid-30001)\u63d0\u4f9b\u7684\u8865\u4e01\u5f15\u51fa\u4e86\u53e6\u4e00\u4e2a\u4e25\u91cd\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\n\u9632\u6b62\u54c8\u5e0c\u78b0\u649e\u7684\u8865\u4e01\u5728php.ini\u4e2d\u5f15\u5165\u4e86\u65b0\u7684\u914d\u7f6e\u5c5e\u6027\uff1a\r\nmax_input_vars\r\n\r\n\u6b64\u914d\u7f6e\u5143\u7d20\u9650\u5236\u7528\u4e8e\u8bf7\u6c42\u4e2d\u4f7f\u7528\u7684\u53d8\u91cf\u6570\u91cf(\u5982http://request.com/foo.php?a=1&b=2&c=3)\uff0c\u9ed8\u8ba4\u8bbe\u7f6e\u4e3a1000\u3002\r\n\r\n\u6f0f\u6d1e\u4fee\u8865\u5728php_variables.c\u4ee3\u7801\u4e2d\u7684php_register_variable_ex\u51fd\u6570\u4e2d\u4f5c\u4e86\u66f4\u6539\uff0c\u4e0d\u8fc7\u5f53\u53d8\u91cf\u6570\u8d85\u8fc7max_input_vars\uff0c\u800c\u53d8\u91cf\u53c8\u662f\u6570\u7ec4\u53d8\u91cf\u65f6(if (*p == \u2018['))\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n0\r\nPHP PHP 5.3.9\r\nPHP PHP 5.3.8\r\nPHP PHP 5.3.7\r\nPHP PHP 5.3.6\r\nPHP PHP 5.3.5\r\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4fee\u590d\u6b64\u6f0f\u6d1e\uff1a\r\nhttp://svn.php.net/viewvc/php/php-src/trunk/main/php_variables.c?view=markup&pathrev=323007", "published": "2012-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-30071", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2017-11-19T17:55:44"}], "openvas": [{"id": "OPENVAS:136141256231070725", "type": "openvas", "title": "Debian Security Advisory DSA 2403-2 (php5)", "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2403-2.", "published": "2012-02-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070725", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-04-06T11:17:51"}, {"id": "OPENVAS:1361412562310123997", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0093", "description": "Oracle Linux Local Security Checks ELSA-2012-0093", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123997", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-07-24T12:53:08"}, {"id": "OPENVAS:70721", "type": "openvas", "title": "Debian Security Advisory DSA 2403-1 (php5)", "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2403-1.", "published": "2012-02-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70721", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-07-24T12:50:37"}, {"id": "OPENVAS:136141256231071968", "type": "openvas", "title": "Slackware Advisory SSA:2012-041-02 php ", "description": "The remote host is missing an update as announced\nvia advisory SSA:2012-041-02.", "published": "2012-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071968", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-04-06T11:17:26"}, {"id": "OPENVAS:1361412562310802590", "type": "openvas", "title": "PHP 'php_register_variable_ex()' Remote Code Execution Vulnerability (Windows)", "description": "This host is installed with PHP and is prone to remote arbitrary\n code execution vulnerability.", "published": "2012-02-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802590", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-25T14:36:25"}, {"id": "OPENVAS:71968", "type": "openvas", "title": "Slackware Advisory SSA:2012-041-02 php ", "description": "The remote host is missing an update as announced\nvia advisory SSA:2012-041-02.", "published": "2012-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=71968", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-07-24T12:50:38"}, {"id": "OPENVAS:136141256231070721", "type": "openvas", "title": "Debian Security Advisory DSA 2403-1 (php5)", "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2403-1.", "published": "2012-02-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070721", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-04-06T11:17:25"}, {"id": "OPENVAS:70725", "type": "openvas", "title": "Debian Security Advisory DSA 2403-2 (php5)", "description": "The remote host is missing an update to php5\nannounced via advisory DSA 2403-2.", "published": "2012-02-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70725", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-07-24T12:50:42"}, {"id": "OPENVAS:1361412562310123996", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0092", "description": "Oracle Linux Local Security Checks ELSA-2012-0092", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123996", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-07-24T12:53:54"}, {"id": "OPENVAS:881226", "type": "openvas", "title": "CentOS Update for php CESA-2012:0093 centos4 ", "description": "Check for the Version of php", "published": "2012-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881226", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2018-01-02T10:57:40"}], "nessus": [{"id": "ALA_ALAS-2012-41.NASL", "type": "nessus", "title": "Amazon Linux AMI : php (ALAS-2012-41)", "description": "It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.", "published": "2013-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69648", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-04-19T08:04:34"}, {"id": "SL_20120202_PHP_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via previous php packages) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.\n(CVE-2012-0830)\n\nAll php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61238", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:35:19"}, {"id": "FREEBSD_PKG_3FD040BE4F0B11E19E320025900931F8.NASL", "type": "nessus", "title": "FreeBSD : php -- arbitrary remote code execution vulnerability (3fd040be-4f0b-11e1-9e32-0025900931f8)", "description": "Secunia reports :\n\nA vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.\n\nThe vulnerability is caused due to a logic error within the 'php_register_variable_ex()' function (php_variables.c) when hashing form posts and updating a hash table, which can be exploited to execute arbitrary code.", "published": "2012-02-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57830", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:41:49"}, {"id": "REDHAT-RHSA-2012-0092.NASL", "type": "nessus", "title": "RHEL 5 : php53 (RHSA-2012:0092)", "description": "Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2012-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57820", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:34:46"}, {"id": "ORACLELINUX_ELSA-2012-0092.NASL", "type": "nessus", "title": "Oracle Linux 5 : php53 (ELSA-2012-0092)", "description": "From Red Hat Security Advisory 2012:0092 :\n\nUpdated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68448", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:38:30"}, {"id": "PHP_5_3_9_ACE.NASL", "type": "nessus", "title": "PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)", "description": "The remote host is running a version of PHP that is affected by an arbitrary code execution vulnerability.\n\nSpecifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) introduces a remote code execution vulnerability in the function 'php_register_variable_ex()' in the file 'php_variables.c'. A new configuration variable, 'max_input_vars', was added as a part of the fix. If the number of input variables exceeds this value and the variable being processed is an array, code execution can occur.\n\nNote that this script assumes the 'max_input_vars' parameter is set to the default value of 1000, and only runs if 'Report paranoia' is set to 'Paranoid', and 'Enable CGI scanning' is checked.", "published": "2012-02-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58039", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:36:05"}, {"id": "SL_20120202_PHP53_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : php53 on SL5.x i386/x86_64", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via in a previous update for php53) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61237", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:34:36"}, {"id": "REDHAT-RHSA-2012-0093.NASL", "type": "nessus", "title": "RHEL 4 / 5 / 6 : php (RHSA-2012:0093)", "description": "Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)\n\nAll php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2012-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57821", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:40:33"}, {"id": "DEBIAN_DSA-2403.NASL", "type": "nessus", "title": "Debian DSA-2403-2 : php5 - code injection", "description": "Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.", "published": "2012-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57814", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:32:53"}, {"id": "CENTOS_RHSA-2012-0092.NASL", "type": "nessus", "title": "CentOS 5 : php53 (CESA-2012:0092)", "description": "Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "published": "2012-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57807", "cvelist": ["CVE-2012-0830"], "lastseen": "2017-10-29T13:40:37"}], "exploitdb": [{"id": "EDB-ID:18460", "type": "exploitdb", "title": "PHP 5.4.0RC6 64-bit - Denial of Service", "description": "PHP 5.4.0RC6 (64-bit) - Denial of Service. CVE-2012-0830. Dos exploit for php platform", "published": "2012-02-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/18460/", "cvelist": ["CVE-2012-0830"], "lastseen": "2016-02-02T09:46:44"}], "freebsd": [{"id": "3FD040BE-4F0B-11E1-9E32-0025900931F8", "type": "freebsd", "title": "php -- arbitrary remote code execution vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in PHP, which can be exploited\n\t by malicious people to compromise a vulnerable system.\nThe vulnerability is caused due to a logic error within the\n\t \"php_register_variable_ex()\" function (php_variables.c) when\n\t hashing form posts and updating a hash table, which can be\n\t exploited to execute arbitrary code.\n\n", "published": "2012-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/3fd040be-4f0b-11e1-9e32-0025900931f8.html", "cvelist": ["CVE-2012-0830"], "lastseen": "2016-09-26T17:24:40"}], "slackware": [{"id": "SSA-2012-041-02", "type": "slackware", "title": "php", "description": "New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\n13.37, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.\n Fixed arbitrary remote code execution vulnerability reported by Stefan\n Esser, CVE-2012-0830. (Stas, Dmitry)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.10-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.10-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.10-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.10-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.10-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.10-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.10-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.10-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.10-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.10-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.10-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nbf5512a57e0e7ba3c9d836636f056036 php-5.3.10-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n474400e31f8701a07aa97aeee956226e php-5.3.10-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nf359c739e8db9130806c3cb256990804 php-5.3.10-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n5b38767541b0367dd64539537ca3cfc5 php-5.3.10-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nbcccb9fdde0e548d999447b352f4b322 php-5.3.10-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n7bdee84117e3cd1ac8e6087d9c936355 php-5.3.10-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2d05770a236fdc52754e1ba9d657d6d7 php-5.3.10-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n7555e89aa4dc5a6b68c2fcfd1b8a6dc3 php-5.3.10-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\ncf6a47e0046b13b2adba13466b3b5e7e php-5.3.10-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n1191d7d49f21f0dba3c4f35cc19e6b88 n/php-5.3.10-i486-1.txz\n\nSlackware x86_64 -current package:\n25a12f2407be6f03ff1dc50ad1b3c80b n/php-5.3.10-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.3.10-i486-1_slack13.37.txz\n\nThen, restart the httpd daemon.", "published": "2012-02-10T09:44:15", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.480146", "cvelist": ["CVE-2012-0830"], "lastseen": "2018-02-02T18:11:32"}], "oraclelinux": [{"id": "ELSA-2012-0092", "type": "oraclelinux", "title": "php53 security update", "description": "[5.3.3-1.6]\n- add security fix for CVE-2012-0830 (#786757)", "published": "2012-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0092.html", "cvelist": ["CVE-2012-0830"], "lastseen": "2016-09-04T11:16:34"}, {"id": "ELSA-2012-0093", "type": "oraclelinux", "title": "php security update", "description": "[5.3.3-3.6]\n- add security fix for CVE-2012-0830 (#786743)", "published": "2012-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0093.html", "cvelist": ["CVE-2012-0830"], "lastseen": "2016-09-04T11:16:06"}, {"id": "ELSA-2012-1046", "type": "oraclelinux", "title": "php security update", "description": "[5.3.3-14]\n- add security fix for CVE-2010-2950\n[5.3.3-13]\n- fix tests for CVE-2012-2143, CVE-2012-0789\n[5.3.3-12]\n- add fix for CVE-2012-2336\n[5.3.3-11]\n- add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057,\n CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386\n[5.3.3-9]\n- correct detection of = in CVE-2012-1823 fix (#818607)\n[5.3.3-8]\n- add security fix for CVE-2012-1823 (#818607)\n[5.3.3-7]\n- add security fix for CVE-2012-0830 (#786744)\n[5.3.3-6]\n- merge Joe's changes:\n- improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH\n- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148,\n CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470,\n CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732)\n[5.3.3-5]\n- remove extra php.ini-prod/devel files caused by %patch -b\n[5.3.3-4]\n- add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755)", "published": "2012-06-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1046.html", "cvelist": ["CVE-2011-1471", "CVE-2012-2336", "CVE-2012-2386", "CVE-2011-1148", "CVE-2011-1466", "CVE-2012-0789", "CVE-2012-1823", "CVE-2011-1938", "CVE-2012-2143", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-0708", "CVE-2011-1468", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-4566", "CVE-2011-2202", "CVE-2010-2950", "CVE-2011-4153"], "lastseen": "2016-09-04T11:15:59"}], "debian": [{"id": "DSA-2403", "type": "debian", "title": "php5 -- code injection", "description": "Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.\n\nFor the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.\n\nWe recommend that you upgrade your php5 packages.", "published": "2012-02-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2403", "cvelist": ["CVE-2012-0830"], "lastseen": "2016-09-02T18:34:43"}], "amazon": [{"id": "ALAS-2012-41", "type": "amazon", "title": "Critical: php", "description": "**Issue Overview:**\n\nIt was discovered that the fix for [CVE-2011-4885 __](<https://access.redhat.com/security/cve/CVE-2011-4885>) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.\n\n \n**Affected Packages:** \n\n\nphp\n\n \n**Issue Correction:** \nRun _yum update php_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php-pgsql-5.3.10-1.15.amzn1.i686 \n php-mbstring-5.3.10-1.15.amzn1.i686 \n php-pdo-5.3.10-1.15.amzn1.i686 \n php-mcrypt-5.3.10-1.15.amzn1.i686 \n php-mysqlnd-5.3.10-1.15.amzn1.i686 \n php-mysql-5.3.10-1.15.amzn1.i686 \n php-snmp-5.3.10-1.15.amzn1.i686 \n php-odbc-5.3.10-1.15.amzn1.i686 \n php-intl-5.3.10-1.15.amzn1.i686 \n php-bcmath-5.3.10-1.15.amzn1.i686 \n php-soap-5.3.10-1.15.amzn1.i686 \n php-imap-5.3.10-1.15.amzn1.i686 \n php-debuginfo-5.3.10-1.15.amzn1.i686 \n php-cli-5.3.10-1.15.amzn1.i686 \n php-dba-5.3.10-1.15.amzn1.i686 \n php-embedded-5.3.10-1.15.amzn1.i686 \n php-mssql-5.3.10-1.15.amzn1.i686 \n php-5.3.10-1.15.amzn1.i686 \n php-process-5.3.10-1.15.amzn1.i686 \n php-ldap-5.3.10-1.15.amzn1.i686 \n php-tidy-5.3.10-1.15.amzn1.i686 \n php-common-5.3.10-1.15.amzn1.i686 \n php-devel-5.3.10-1.15.amzn1.i686 \n php-xmlrpc-5.3.10-1.15.amzn1.i686 \n php-xml-5.3.10-1.15.amzn1.i686 \n php-gd-5.3.10-1.15.amzn1.i686 \n php-fpm-5.3.10-1.15.amzn1.i686 \n php-pspell-5.3.10-1.15.amzn1.i686 \n \n src: \n php-5.3.10-1.15.amzn1.src \n \n x86_64: \n php-pspell-5.3.10-1.15.amzn1.x86_64 \n php-imap-5.3.10-1.15.amzn1.x86_64 \n php-tidy-5.3.10-1.15.amzn1.x86_64 \n php-pdo-5.3.10-1.15.amzn1.x86_64 \n php-process-5.3.10-1.15.amzn1.x86_64 \n php-xml-5.3.10-1.15.amzn1.x86_64 \n php-pgsql-5.3.10-1.15.amzn1.x86_64 \n php-mbstring-5.3.10-1.15.amzn1.x86_64 \n php-soap-5.3.10-1.15.amzn1.x86_64 \n php-cli-5.3.10-1.15.amzn1.x86_64 \n php-debuginfo-5.3.10-1.15.amzn1.x86_64 \n php-mysql-5.3.10-1.15.amzn1.x86_64 \n php-common-5.3.10-1.15.amzn1.x86_64 \n php-odbc-5.3.10-1.15.amzn1.x86_64 \n php-5.3.10-1.15.amzn1.x86_64 \n php-bcmath-5.3.10-1.15.amzn1.x86_64 \n php-gd-5.3.10-1.15.amzn1.x86_64 \n php-dba-5.3.10-1.15.amzn1.x86_64 \n php-intl-5.3.10-1.15.amzn1.x86_64 \n php-ldap-5.3.10-1.15.amzn1.x86_64 \n php-embedded-5.3.10-1.15.amzn1.x86_64 \n php-mcrypt-5.3.10-1.15.amzn1.x86_64 \n php-snmp-5.3.10-1.15.amzn1.x86_64 \n php-devel-5.3.10-1.15.amzn1.x86_64 \n php-fpm-5.3.10-1.15.amzn1.x86_64 \n php-xmlrpc-5.3.10-1.15.amzn1.x86_64 \n php-mssql-5.3.10-1.15.amzn1.x86_64 \n php-mysqlnd-5.3.10-1.15.amzn1.x86_64 \n \n \n", "published": "2012-02-02T16:10:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2012-41.html", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2016-09-28T21:04:08"}], "redhat": [{"id": "RHSA-2012:0092", "type": "redhat", "title": "(RHSA-2012:0092) Critical: php53 security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via\nRHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced\nan uninitialized memory use flaw. A remote attacker could send a specially-\ncrafted HTTP request to cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "published": "2012-02-02T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0092", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2017-09-09T07:19:35"}, {"id": "RHSA-2012:0093", "type": "redhat", "title": "(RHSA-2012:0093) Critical: php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via\nRHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red\nHat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized\nmemory use flaw. A remote attacker could send a specially-crafted HTTP\nrequest to cause the PHP interpreter to crash or, possibly, execute\narbitrary code. (CVE-2012-0830)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "published": "2012-02-02T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0093", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2017-12-25T20:06:22"}], "centos": [{"id": "CESA-2012:0093", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:0093\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via\nRHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red\nHat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized\nmemory use flaw. A remote attacker could send a specially-crafted HTTP\nrequest to cause the PHP interpreter to crash or, possibly, execute\narbitrary code. (CVE-2012-0830)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018415.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018418.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018420.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-domxml\nphp-embedded\nphp-enchant\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pear\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0093.html", "published": "2012-02-02T20:41:17", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/018415.html", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2017-10-12T14:44:50"}, {"id": "CESA-2012:0092", "type": "centos", "title": "php53 security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:0092\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nIt was discovered that the fix for CVE-2011-4885 (released via\nRHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced\nan uninitialized memory use flaw. A remote attacker could send a specially-\ncrafted HTTP request to cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2012-0830)\n\nAll php53 users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018416.html\n\n**Affected packages:**\nphp53\nphp53-bcmath\nphp53-cli\nphp53-common\nphp53-dba\nphp53-devel\nphp53-gd\nphp53-imap\nphp53-intl\nphp53-ldap\nphp53-mbstring\nphp53-mysql\nphp53-odbc\nphp53-pdo\nphp53-pgsql\nphp53-process\nphp53-pspell\nphp53-snmp\nphp53-soap\nphp53-xml\nphp53-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0092.html", "published": "2012-02-02T20:43:26", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/018416.html", "cvelist": ["CVE-2011-4885", "CVE-2012-0830"], "lastseen": "2017-10-03T18:24:53"}], "suse": [{"id": "SUSE-SU-2012:0411-1", "type": "suse", "title": "Security update for PHP5 (important)", "description": "This update of php5 fixes multiple security flaws:\n\n * CVE-2011-4153, missing checks of return values could\n allow remote attackers to cause a denial of service (NULL\n pointer dereference)\n * CVE-2011-4885, denial of service via hash collisions\n * CVE-2012-0057, specially crafted XSLT stylesheets\n could allow remote attackers to create arbitrary files with\n arbitrary content\n * CVE-2012-0781, remote attackers can cause a denial of\n service via specially crafted input to an application that\n attempts to perform Tidy::diagnose operations\n * CVE-2012-0788, applications that use a PDO driver\n were prone to denial of service flaws which could be\n exploited remotely\n * CVE-2012-0789, memory leak in the timezone\n functionality could allow remote attackers to cause a\n denial of service (memory consumption)\n * CVE-2012-0807, a stack based buffer overflow in\n php5's Suhosin extension could allow remote attackers to\n execute arbitrary code via a long string that is used in a\n Set-Cookie HTTP header\n * CVE-2012-0830, this fixes an incorrect fix for\n CVE-2011-4885 which could allow remote attackers to execute\n arbitrary code via a request containing a large number of\n variables\n * CVE-2012-0831, temporary changes to the\n magic_quotes_gpc directive during the importing of\n environment variables is not properly performed which makes\n it easier for remote attackers to conduct SQL injections\n", "published": "2012-03-24T03:08:28", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html", "cvelist": ["CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "lastseen": "2016-09-04T12:23:18"}, {"id": "OPENSUSE-SU-2012:0426-1", "type": "suse", "title": "update for php5 (important)", "description": "php5 security update\n\n", "published": "2012-03-29T15:08:14", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html", "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2011-4566", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "lastseen": "2016-09-04T12:15:09"}, {"id": "SUSE-SU-2012:0496-1", "type": "suse", "title": "Security update for PHP5 (important)", "description": "This update of php5 fixes multiple security flaws:\n\n * CVE-2011-2202: A php5 upload filename injection was\n fixed.\n * CVE-2011-4566: A integer overflow in the EXIF\n extension was fixed that could be used by attackers to\n crash the interpreter or potentially read memory\n * CVE-2011-3182: Multiple NULL pointer dereferences\n were fixed that could lead to crashes\n * CVE-2011-1466: An integer overflow in the PHP\n calendar extension was fixed that could have led to crashes.\n * CVE-2011-1072: A symlink vulnerability in the PEAR\n installer could be exploited by local attackers to inject\n code.\n * CVE-2011-4153: missing checks of return values could\n allow remote attackers to cause a denial of service (NULL\n pointer dereference)\n * CVE-2011-4885: denial of service via hash collisions\n * CVE-2012-0057: specially crafted XSLT stylesheets\n could allow remote attackers to create arbitrary files with\n arbitrary content\n * CVE-2012-0781: remote attackers can cause a denial of\n service via specially crafted input to an application that\n attempts to perform Tidy::diagnose operations\n * CVE-2012-0788: applications that use a PDO driver\n were prone to denial of service flaws which could be\n exploited remotely\n * CVE-2012-0789: memory leak in the timezone\n functionality could allow remote attackers to cause a\n denial of service (memory consumption)\n * CVE-2012-0807: a stack based buffer overflow in the\n php5 Suhosin extension could allow remote attackers to\n execute arbitrary code via a long string that is used in a\n Set-Cookie HTTP header\n * CVE-2012-0830: this fixes an incorrect fix for\n CVE-2011-4885 which could allow remote attackers to execute\n arbitrary code via a request containing a large number of\n variables\n * CVE-2012-0831: temporary changes to the\n magic_quotes_gpc directive during the importing of\n environment variables is not properly performed which makes\n it easier for remote attackers to conduct SQL injections\n\n Also the following bugs have been fixed:\n\n * allow uploading files bigger than 2GB for 64bit\n systems [bnc#709549]\n * amend README.SUSE to discourage using apache module\n with apache2-worker [bnc#728671]\n", "published": "2012-04-12T23:08:15", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00005.html", "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-3182", "CVE-2012-0057", "CVE-2011-4566", "CVE-2011-2202", "CVE-2012-0831", "CVE-2011-1072", "CVE-2011-4153", "CVE-2012-0807"], "lastseen": "2016-09-04T12:42:58"}, {"id": "SUSE-SU-2013:1351-1", "type": "suse", "title": "Security update for PHP5 (important)", "description": "php5 has been updated to roll up all pending security fixes\n for Long Term Service Pack Support.\n\n The Following security issues have been fixed:\n\n *\n\n CVE-2013-4635: Integer overflow in the SdnToJewish\n function in jewish.c in the Calendar component in PHP\n allowed context-dependent attackers to cause a denial of\n service (application hang) via a large argument to the\n jdtojewish function.\n\n *\n\n CVE-2013-1635: ext/soap/soap.c in PHP did not\n validate the relationship between the soap.wsdl_cache_dir\n directive and the open_basedir directive, which allowed\n remote attackers to bypass intended access restrictions by\n triggering the creation of cached SOAP WSDL files in an\n arbitrary directory.\n\n *\n\n CVE-2013-1643: The SOAP parser in PHP allowed remote\n attackers to read arbitrary files via a SOAP WSDL file\n containing an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue in the soap_xmlParseFile and\n soap_xmlParseMemory functions.\n\n *\n\n CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27\n does not properly consider parsing depth, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact via a\n crafted document that is processed by the\n xml_parse_into_struct function.\n\n *\n\n CVE-2011-1398 / CVE-2012-4388: The sapi_header_op\n function in main/SAPI.c in PHP did not check for %0D\n sequences (aka carriage return characters), which allowed\n remote attackers to bypass an HTTP response-splitting\n protection mechanism via a crafted URL, related to improper\n interaction between the PHP header function and certain\n browsers, as demonstrated by Internet Explorer and Google\n Chrome.\n\n *\n\n CVE-2012-2688: An unspecified vulnerability in the\n _php_stream_scandir function in the stream implementation\n in PHP had unknown impact and remote attack vectors,\n related to an "overflow."\n\n *\n\n CVE-2012-3365: The SQLite functionality in PHP before\n 5.3.15 allowed remote attackers to bypass the open_basedir\n protection mechanism via unspecified vectors.\n\n *\n\n CVE-2012-1823: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to execute\n arbitrary code by placing command-line options in the query\n string, related to lack of skipping a certain php_getopt\n for the 'd' case.\n\n *\n\n CVE-2012-2335: php-wrapper.fcgi did not properly\n handle command-line arguments, which allowed remote\n attackers to bypass a protection mechanism in PHP and\n execute arbitrary code by leveraging improper interaction\n between the PHP sapi/cgi/cgi_main.c component and a query\n string beginning with a +- sequence.\n\n *\n\n CVE-2012-2336: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to cause a denial\n of service (resource consumption) by placing command-line\n options in the query string, related to lack of skipping a\n certain php_getopt for the 'T' case. NOTE: this\n vulnerability exists because of an incomplete fix for\n CVE-2012-1823.\n\n *\n\n CVE-2012-2311: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), does not properly\n handle query strings that contain a %3D sequence but no =\n (equals sign) character, which allows remote attackers to\n execute arbitrary code by placing command-line options in\n the query string, related to lack of skipping a certain\n php_getopt for the 'd' case. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2012-1823.\n\n *\n\n CVE-2012-1172: The file-upload implementation in\n rfc1867.c in PHP did not properly handle invalid [ (open\n square bracket) characters in name values, which makes it\n easier for remote attackers to cause a denial of service\n (malformed $_FILES indexes) or conduct directory traversal\n attacks during multi-file uploads by leveraging a script\n that lacks its own filename restrictions.\n\n *\n\n CVE-2012-0830: The php_register_variable_ex function\n in php_variables.c in PHP allowed remote attackers to\n execute arbitrary code via a request containing a large\n number of variables, related to improper handling of array\n variables. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2011-4885.\n\n *\n\n CVE-2012-0807: Stack-based buffer overflow in the\n suhosin_encrypt_single_cookie function in the transparent\n cookie-encryption feature in the Suhosin extension before\n 0.9.33 for PHP, when suhosin.cookie.encrypt and\n suhosin.multiheader are enabled, might have allowed remote\n attackers to execute arbitrary code via a long string that\n is used in a Set-Cookie HTTP header.\n\n *\n\n CVE-2012-0057: PHP had improper libxslt security\n settings, which allowed remote attackers to create\n arbitrary files via a crafted XSLT stylesheet that uses the\n libxslt output extension.\n\n *\n\n CVE-2012-0831: PHP did not properly perform a\n temporary change to the magic_quotes_gpc directive during\n the importing of environment variables, which made it\n easier for remote attackers to conduct SQL injection\n attacks via a crafted request, related to\n main/php_variables.c, sapi/cgi/cgi_main.c, and\n sapi/fpm/fpm/fpm_main.c.\n\n *\n\n CVE-2011-4153: PHP did not always check the return\n value of the zend_strndup function, which might have\n allowed remote attackers to cause a denial of service (NULL\n pointer dereference and application crash) via crafted\n input to an application that performs strndup operations on\n untrusted string data, as demonstrated by the define\n function in zend_builtin_functions.c, and unspecified\n functions in ext/soap/php_sdl.c, ext/standard/syslog.c,\n ext/standard/browscap.c, ext/oci8/oci8.c,\n ext/com_dotnet/com_typeinfo.c, and\n main/php_open_temporary_file.c.\n\n *\n\n CVE-2012-0781: The tidy_diagnose function in PHP\n might have allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via crafted input to an application that attempts to\n perform Tidy::diagnose operations on invalid objects, a\n different vulnerability than CVE-2011-4153.\n\n *\n\n CVE-2012-0788: The PDORow implementation in PHP did\n not properly interact with the session feature, which\n allowed remote attackers to cause a denial of service\n (application crash) via a crafted application that uses a\n PDO driver for a fetch and then calls the session_start\n function, as demonstrated by a crash of the Apache HTTP\n Server.\n\n *\n\n CVE-2012-0789: Memory leak in the timezone\n functionality in PHP allowed remote attackers to cause a\n denial of service (memory consumption) by triggering many\n strtotime function calls, which were not properly handled\n by the php_date_parse_tzfile cache.\n\n *\n\n CVE-2011-4885: PHP computed hash values for form\n parameters without restricting the ability to trigger hash\n collisions predictably, which allowed remote attackers to\n cause a denial of service (CPU consumption) by sending many\n crafted parameters. We added a max_input_vars directive to\n prevent attacks based on hash collisions.\n\n *\n\n CVE-2011-4566: Integer overflow in the\n exif_process_IFD_TAG function in exif.c in the exif\n extension in PHP allowed remote attackers to read the\n contents of arbitrary memory locations or cause a denial of\n service via a crafted offset_val value in an EXIF header in\n a JPEG file, a different vulnerability than CVE-2011-0708.\n\n *\n\n CVE-2011-3182: PHP did not properly check the return\n values of the malloc, calloc, and realloc library\n functions, which allowed context-dependent attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) or trigger a buffer overflow by\n leveraging the ability to provide an arbitrary value for a\n function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3)\n ext/date/lib/parse_iso_intervals.c, (4)\n ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7)\n ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c,\n (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c,\n and (11) the strtotime function.\n\n *\n\n CVE-2011-1466: Integer overflow in the SdnToJulian\n function in the Calendar extension in PHP allowed\n context-dependent attackers to cause a denial of service\n (application crash) via a large integer in the first\n argument to the cal_from_jd function.\n\n *\n\n CVE-2011-1072: The installer in PEAR allowed local\n users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2)\n cache_dir, (3) tmp_dir, and (4) pear-build-download\n directories, a different vulnerability than CVE-2007-2519.\n\n *\n\n CVE-2011-2202: The rfc1867_post_handler function in\n main/rfc1867.c in PHP did not properly restrict filenames\n in multipart/form-data POST requests, which allowed remote\n attackers to conduct absolute path traversal attacks, and\n possibly create or overwrite arbitrary files, via a crafted\n upload request, related to a "file path injection\n vulnerability."\n\n Bugfixes:\n\n * fixed php bug #43200 (Interface implementation /\n inheritence not possible in abstract classes) [bnc#783239]\n * use FilesMatch with 'SetHandler' rather than\n 'AddHandler' [bnc#775852]\n * fixed unpredictable unpack()/pack() behaviour\n [bnc#753778]\n * memory corruption in parse_ini_string() [bnc#742806]\n * amend README.SUSE to discourage using apache module\n with apache2-worker [bnc#728671]\n * allow uploading files bigger than 2GB for 64bit\n systems [bnc#709549]\n", "published": "2013-08-16T21:04:11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00016.html", "cvelist": ["CVE-2012-2311", "CVE-2013-4113", "CVE-2012-2336", "CVE-2011-1466", "CVE-2012-0789", "CVE-2013-1643", "CVE-2012-2335", "CVE-2012-1823", "CVE-2011-4885", "CVE-2012-2688", "CVE-2011-1398", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-0708", "CVE-2013-4635", "CVE-2011-4388", "CVE-2011-3182", "CVE-2012-4388", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4566", "CVE-2007-2519", "CVE-2013-1635", "CVE-2011-2202", "CVE-2012-0831", "CVE-2011-1072", "CVE-2011-4153", "CVE-2012-0807", "CVE-2012-3365"], "lastseen": "2016-09-04T11:52:15"}], "ubuntu": [{"id": "USN-1358-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a \u201cmax_input_vars\u201d directive to the php.ini configuration file. See <http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars> for more information.\n\nStefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441)", "published": "2012-02-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1358-1/", "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "lastseen": "2018-03-29T18:18:39"}, {"id": "USN-1358-2", "type": "ubuntu", "title": "PHP regression", "description": "USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a \u201cmax_input_vars\u201d directive to the php.ini configuration file. See <http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars> for more information.\n\nStefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441)", "published": "2012-02-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1358-2/", "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "lastseen": "2018-03-29T18:20:27"}], "gentoo": [{"id": "GLSA-201209-03", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.3.15\"\n \n\nAll PHP users on ARM should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.4.5\"", "published": "2012-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201209-03", "cvelist": ["CVE-2012-2311", "CVE-2012-2336", "CVE-2012-2386", "CVE-2012-3450", "CVE-2012-0789", "CVE-2012-2335", "CVE-2012-1823", "CVE-2012-2143", "CVE-2011-4885", "CVE-2012-2688", "CVE-2011-1398", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4566", "CVE-2011-3379", "CVE-2012-0831", "CVE-2012-3365"], "lastseen": "2016-09-06T19:46:08"}], "f5": [{"id": "F5:K13519", "type": "f5", "title": "Multiple PHP vulnerabilities", "description": "\nF5 Product Development has assigned ID 383081 (BIG-IP 10.x), ID 375749 (BIG-IP 11.x), and ID 383544 (FirePass) to this vulnerability. To find out whether F5 has determined whether your release is vulnerable, refer to the following table: \n\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0 \n \n| administrative access on any interface \n \nBIG-IP GTM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \n \nBIG-IP ASM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \n \nBIG-IP Link Controller| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \n \nBIG-IP WebAccelerator| None| 10.0.0 1 10.2.4 \n11.0.0 - 11.3.0 \n| None \nBIG-IP PSM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \n \nBIG-IP WOM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.3.0| administrative access on any interface \n \nBIG-IP APM| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \n \nBIG-IP Edge Gateway \n| 10.0.0 - 10.2.4 \n11.0.0 - 11.1.0 \n| 11.2.0 - 11.4.0| administrative access on any interface \nBIG-IP Analytics \n| 11.0.0 - 11.1.0| 11.2.0 - 11.4.0 \n| administrative access on any interface \nBIG-IP AFM \n| None| 11.3.0 - 11.4.0| None \nBIG-IP PEM \n| None| 11.3.0 - 11.4.0| None \nBIG-IP AAM| None| 11.4.0 \n| None \nFirePass| 6.x \n7.x| None \n| Administrative console logon page \nUser access logon page \nEnterprise Manager| None \n| 1.x \n2.x \n3.x| None \n \nARX| None| 5.x \n6.x| None \n\n\nTo mitigate this vulnerability, expose the administrative interface only on trusted networks and limit login access to trusted users.\n\n**Impact of action:** None. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2012-04-05T03:11:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K13519", "cvelist": ["CVE-2007-3799", "CVE-2010-4697", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0830", "CVE-2006-7243", "CVE-2011-0708", "CVE-2010-3870", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-1470", "CVE-2011-4566", "CVE-2011-3267", "CVE-2010-3710", "CVE-2006-0207"], "lastseen": "2017-06-08T00:16:30"}, {"id": "SOL13519", "type": "f5", "title": "SOL13519 - Multiple PHP vulnerabilities", "description": "Vulnerability Recommended Actions\n\nTo mitigate this vulnerability, expose the administrative interface only on trusted networks and limit login access to trusted users.\n\n**Impact of action:** None. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2012-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/13000/500/sol13519.html", "cvelist": ["CVE-2007-3799", "CVE-2010-4697", "CVE-2011-4885", "CVE-2011-2483", "CVE-2012-0830", "CVE-2006-7243", "CVE-2011-0708", "CVE-2010-3870", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-1470", "CVE-2011-4566", "CVE-2011-3267", "CVE-2010-3710", "CVE-2006-0207"], "lastseen": "2016-11-09T00:09:36"}]}}