Lucene search

[email protected]NVD:CVE-2011-2202

HistoryJun 16, 2011 - 11:55 p.m.

CVE-2011-2202

2011-06-1623:55:04

CWE-264

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.4 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.2%

JSON

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a “file path injection vulnerability.”

Affected configurations

NVD

Node

phpphpRange≤5.3.6

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

References

bugs.php.net/bug.php?id=54939

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

marc.info/?l=bugtraq&m=133469208622507&w=2

openwall.com/lists/oss-security/2011/06/12/5

openwall.com/lists/oss-security/2011/06/13/15

pastebin.com/1edSuSVN

rhn.redhat.com/errata/RHSA-2012-0071.html

secunia.com/advisories/44874

securitytracker.com/id?1025659

support.apple.com/kb/HT5130

svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103

svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103

svn.php.net/viewvc?view=revision&revision=312103

www.debian.org/security/2011/dsa-2266

www.mandriva.com/security/advisories?name=MDVSA-2011:165

www.php.net/archive/2011.php#id2011-08-18-1

www.php.net/ChangeLog-5.php#5.3.7

www.redhat.com/support/errata/RHSA-2011-1423.html

www.securityfocus.com/bid/48259

www.securityfocus.com/bid/49241

exchange.xforce.ibmcloud.com/vulnerabilities/67999

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.4 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.2%

JSON

Related for NVD:CVE-2011-2202

cve1 veracode1 prion1 cvelist1 ubuntucve1 securityvulns7 openvas54 nessus30 freebsd1 slackware1 fedora9 centos3 redhat3 oraclelinux4 amazon1 ubuntu1 debian2 osv1 suse2 gentoo1