Lucene search

K
ubuntuUbuntuUSN-1569-1
HistorySep 17, 2012 - 12:00 a.m.

PHP vulnerabilities

2012-09-1700:00:00
ubuntu.com
41

7.4 High

AI Score

Confidence

Low

0.163 Low

EPSS

Percentile

96.0%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • php5 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain character sequences
when applying HTTP response-splitting protection. A remote attacker could
create a specially-crafted URL and inject arbitrary headers.
(CVE-2011-1398, CVE-2012-4388)

It was discovered that PHP incorrectly handled directories with a large
number of files. This could allow a remote attacker to execute arbitrary
code with the privileges of the web server, or to perform a denial of
service. (CVE-2012-2688)

It was discovered that PHP incorrectly parsed certain PDO prepared
statements. A remote attacker could use this flaw to cause PHP to crash,
leading to a denial of service. (CVE-2012-3450)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchlibapache2-mod-php5< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-cgi< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-cli< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-common< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-curl< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-dev< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-gd< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-gmp< 5.2.4-2ubuntu5.26UNKNOWN
Ubuntu8.04noarchphp5-ldap< 5.2.4-2ubuntu5.26UNKNOWN
Rows per page:
1-10 of 1261