Lucene search
RedHatRHSA-2012:0092HistoryFeb 02, 2012 - 12:00 a.m.
(RHSA-2012:0092) Critical: php53 security update
2012-02-0200:00:00
access.redhat.com
25
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.894 High
EPSS
Percentile
98.4%
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced
an uninitialized memory use flaw. A remote attacker could send a specially-
crafted HTTP request to cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2012-0830)
All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | x86_64 | php53-dba | < 5.3.3-1.el5_7.6 | php53-dba-5.3.3-1.el5_7.6.x86_64.rpm |
| RedHat | 5 | ia64 | php53-pspell | < 5.3.3-1.el5_7.6 | php53-pspell-5.3.3-1.el5_7.6.ia64.rpm |
| RedHat | 5 | i386 | php53-gd | < 5.3.3-1.el5_7.6 | php53-gd-5.3.3-1.el5_7.6.i386.rpm |
| RedHat | 5 | ppc | php53-mbstring | < 5.3.3-1.el5_7.6 | php53-mbstring-5.3.3-1.el5_7.6.ppc.rpm |
| RedHat | 5 | i386 | php53 | < 5.3.3-1.el5_7.6 | php53-5.3.3-1.el5_7.6.i386.rpm |
| RedHat | 5 | i386 | php53-pspell | < 5.3.3-1.el5_7.6 | php53-pspell-5.3.3-1.el5_7.6.i386.rpm |
| RedHat | 5 | i386 | php53-bcmath | < 5.3.3-1.el5_7.6 | php53-bcmath-5.3.3-1.el5_7.6.i386.rpm |
| RedHat | 5 | x86_64 | php53-mysql | < 5.3.3-1.el5_7.6 | php53-mysql-5.3.3-1.el5_7.6.x86_64.rpm |
| RedHat | 5 | x86_64 | php53-ldap | < 5.3.3-1.el5_7.6 | php53-ldap-5.3.3-1.el5_7.6.x86_64.rpm |
| RedHat | 5 | i386 | php53-odbc | < 5.3.3-1.el5_7.6 | php53-odbc-5.3.3-1.el5_7.6.i386.rpm |
Related
fedora
fedora
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.2
2012-02-14 09:05:18
[SECURITY] Fedora 16 Update: php-5.3.10-1.fc16
2012-02-08 22:56:30
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.2
2012-02-08 22:56:30
openvas
openvas
CentOS Update for php53 CESA-2012:0092 centos5
2012-07-30 00:00:00
Fedora Update for maniadrive FEDORA-2012-1301
2012-02-21 00:00:00
CentOS Update for php CESA-2012:0093 centos6
2012-07-30 00:00:00
prion
prion
Design/Logic Flaw
2012-02-06 20:55:00
Code injection
2011-12-30 01:55:00
redhat
redhat
(RHSA-2012:0093) Critical: php security update
2012-02-02 00:00:00
(RHSA-2012:0019) Moderate: php53 and php security update
2012-01-11 00:00:00
(RHSA-2012:0071) Moderate: php security update
2012-01-30 00:00:00
seebug
seebug
PHP "php_register_variable_ex()"函数任意代码执行漏洞(CVE-2012-0830)
2012-02-03 00:00:00
PHP Hashtables Denial of Service
2014-07-01 00:00:00
PHP Web表单哈希冲突拒绝服务漏洞
2012-01-01 00:00:00
nessus
nessus
PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
2012-02-03 00:00:00
Oracle Linux 5 : php53 (ELSA-2012-0092)
2013-07-12 00:00:00
PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
2012-02-20 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 01:10:12
Denial Of Service (DoS)
2020-04-10 01:06:05
cve
cve
CVE-2012-0830
2012-02-06 20:55:00
CVE-2011-4885
2011-12-30 01:55:00
ubuntucve
ubuntucve
CVE-2012-0830
2012-02-06 00:00:00
CVE-2011-4885
2011-12-29 00:00:00
amazon
amazon
Critical: php
2012-02-02 16:10:00
Medium: php
2012-01-19 20:10:00
centos
centos
php53 security update
2012-02-03 01:43:26
php security update
2012-02-03 01:41:17
php, php53 security update
2012-01-11 19:19:36
securityvulns
securityvulns
PHP security vulnerabilities
2012-02-08 00:00:00
[ MDVSA-2012:065 ] php
2012-05-01 00:00:00
packetstorm
packetstorm
PHP 5.3.x Hash Collision Proof Of Concept Code
2012-01-02 00:00:00
PHP 5.3.x Hashtables Proof Of Concept
2012-01-01 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
2014-03-03 00:00:00
PHP php_register_variable_ex Function Code Execution (CVE-2012-0830)
2012-05-14 00:00:00
f5
f5
K13588 : PHP vulnerability CVE-2011-4885
2013-09-11 00:00:00
SOL13588 - PHP vulnerability CVE-2011-4885
2012-05-17 00:00:00
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
oraclelinux
oraclelinux
php security update
2012-02-02 00:00:00
php53 security update
2012-02-02 00:00:00
php53 and php security update
2012-01-11 00:00:00
exploitpack
exploitpack
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
slackware
slackware
[slackware-security] php
2012-02-10 17:44:15
debian
debian
[SECURITY] [DSA 2403-1] php5 security update
2012-02-02 21:29:48
[SECURITY] [DSA 2403-2] php5 security update
2012-02-06 19:21:50
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
freebsd
freebsd
php -- arbitrary remote code execution vulnerability
2012-02-02 00:00:00
php -- multiple vulnerabilities
2011-12-29 00:00:00
exploitdb
exploitdb
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2012-02-10 00:00:00
PHP regression
2012-02-13 00:00:00
suse
suse
Security update for PHP5 (important)
2012-03-24 03:08:28
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-04-12 23:08:15
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00
osv
osv
php5 - several
2012-01-31 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.894 High
EPSS
Percentile
98.4%
Related for RHSA-2012:0092