Lucene search

K
nvd[email protected]NVD:CVE-2012-2317
HistoryAug 07, 2012 - 7:55 p.m.

CVE-2012-2317

2012-08-0719:55:01
CWE-310
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

55.7%

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.

Affected configurations

NVD
Node
debianphp5-commonRange5.3.2-1
OR
debianphp5-commonMatch5.3.3-7\+squeeze4
OR
debiandebian_linux
Node
canonicalphp5Range5.3.2-1ubuntu4.16
OR
canonicalphp5Match5.3.2-1ubuntu4.17
OR
canonicalubuntu_linuxMatch10.04-lts
Node
canonicalphp5Range5.3.5-1ubuntu7.9
OR
canonicalphp5Match5.3.5-1ubuntu7.10
OR
canonicalubuntu_linuxMatch11.04

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

55.7%