ID

VAR-201205-0246


CVE

CVE-2012-2311


TITLE

PHP-CGI query string parameter vulnerability

Trust: 0.8

sources: CERT/CC: VU#520827

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. This vulnerability CVE-2012-1823 Vulnerability due to insufficient fix for.A third party could execute arbitrary code by placing command line options in the query string. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Ubuntu update for php SECUNIA ADVISORY ID: SA49097 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49097 RELEASE DATE: 2012-05-07 DISCUSS ADVISORY: http://secunia.com/advisories/49097/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49097/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49097 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. For more information: SA49014 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1437-1: http://www.ubuntu.com/usn/usn-1437-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9. The testing distribution (wheezy) will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1. We recommend that you upgrade your php5 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJPqqf3AAoJEOxfUAG2iX57MqcIALyiggqZ6SR+lOtdAd7npKd3 lZ3nXZVUvyC5e4/gageT3s2BlmuipGIrBvyraWR2TvAlNYIu7Ia6EMVsjG0T3gHu iM2yB4+wCaV8CIHqzmyN9lDaotxVty9gQ8BdtJaZguwi9+Sw7KfaCw6CXTluqPkU Ocdb7Saz7eVnNnVwTORxOCBnlIZDn4PbiW9tMLZawGTwNgdT/2lMS8czJGVmf/Oj j4c631zN1K8vlnctHCYQAS269nr9jwmEx0JKcWl5khc7XMi/SmcUG9xG4p5JpGrA ZbBAySyLuxr9bdMA3I9Jqxmmq4uaGwpCH8DSfMJd5FHNXKfq7efnL1Hp5mOERHU= =snJW -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03368475 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03368475 Version: 1 HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-06-14 Last Updated: 2012-06-14 Potential Security Impact: Remote execution of arbitrary code, privilege elevation, or Denial of Service (DoS). Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS). PHP is contained in the HP-UX Apache Web Server Suite. References: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier BACKGROUND For a PGP signed CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-1172 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com HP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17 HP-UX 11i Release Apache Depot name B.11.23 (32-bit) HPUXWS22ATW-B324-32 B.11.23 (64-bit) HPUXWS22ATW-B324-64 B.11.31 (32-bit) HPUXWS22ATW-B324-32 B.11.31 (64-bit) HPUXWS22ATW-B324-64 MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.24 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. HP-UX Web Server Suite v3.24 AFFECTED VERSIONS HP-UX B.11.23 ============== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.13 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.13 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 14 June 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk/f0GcACgkQ4B86/C0qfVnCEwCfWX2UX+TvBNeJawjexLmPtwjt 1TEAnj7Q3fqZkor5ilSKlW2dNHa1f4aO =pEB+ -----END PGP SIGNATURE----- . Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012 php5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. Configurations using mod_php5 and FastCGI were not vulnerable. This update addresses the issue when the PHP CGI interpreter is configured using mod_cgi and mod_actions as described in /usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate configuration is used to enable PHP CGI processing, it should be reviewed to ensure that command line arguments cannot be passed to the PHP interpreter. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1 Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7 Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8 Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24 In general, a standard system update will make all the necessary changes

Trust: 3.33

sources: NVD: CVE-2012-2311 // CERT/CC: VU#520827 // JVNDB: JVNDB-2012-002392 // BID: 53388 // PACKETSTORM: 123310 // PACKETSTORM: 122468 // PACKETSTORM: 112515 // PACKETSTORM: 112580 // PACKETSTORM: 113905 // PACKETSTORM: 115853 // PACKETSTORM: 122482 // PACKETSTORM: 112474

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:eqversion:5.2.16

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.9

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.11

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.15

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.17

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.10

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.12

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.8

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.14

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.2.13

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:3.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:2.0b10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.17

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.18

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.2

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:5.3.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.5

Trust: 1.0

vendor:the php groupmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp system management homepagescope:lteversion:7.2.0 and earlier (linux windows)

Trust: 0.8

vendor:hewlett packardmodel:hp-ux web server suitescope:lteversion:3.24 and earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8.1

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7 to v10.7.4

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.4.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7 to v10.7.4

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8

Trust: 0.8

vendor:the php groupmodel:phpscope:eqversion:5.4.3

Trust: 0.8

vendor:parallelsmodel:plesk panelscope:eqversion:9.5.4

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.1.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux long life serverscope:eqversion:5.3

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.3

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:ctpview 7.0r1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2bscope:neversion: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux eus 5.6.z serverscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2ascope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.5

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:110

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0x64

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:clientscope:eqversion:2008

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:8.6

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:lotus foundations startscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:phpmodel:phpscope:neversion:5.3.13

Trust: 0.3

sources: CERT/CC: VU#520827 // BID: 53388 // JVNDB: JVNDB-2012-002392 // CNNVD: CNNVD-201205-109 // NVD: CVE-2012-2311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2311
value: HIGH

Trust: 1.0

NVD: CVE-2012-2311
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-109
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2012-2311
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-002392 // CNNVD: CNNVD-201205-109 // NVD: CVE-2012-2311

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2012-002392 // NVD: CVE-2012-2311

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 112474 // CNNVD: CNNVD-201205-109

TYPE

arbitrary

Trust: 0.7

sources: PACKETSTORM: 123310 // PACKETSTORM: 122468 // PACKETSTORM: 112580 // PACKETSTORM: 113905 // PACKETSTORM: 115853 // PACKETSTORM: 122482 // PACKETSTORM: 112474

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002392

PATCH

title:APPLE-SA-2012-09-19-2url:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Trust: 0.8

title:HT5501url:http://support.apple.com/kb/HT5501

Trust: 0.8

title:HT5501url:http://support.apple.com/kb/HT5501?viewlocale=ja_JP

Trust: 0.8

title:HPSBMU02900 SSRT100992url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03839862

Trust: 0.8

title:HPSBUX02791 SSRT100856url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03368475

Trust: 0.8

title:openSUSE-SU-2012:0866url:http://lists.opensuse.org/opensuse-updates/2012-07/msg00027.html

Trust: 0.8

title:Sec Bug #61910url:https://bugs.php.net/bug.php?id=61910

Trust: 0.8

title:Return to Bug #61910url:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1

Trust: 0.8

title:PHP 5.3.12 and PHP 5.4.2 Released!url:http://www.php.net/archive/2012.php#id2012-05-08-1

Trust: 0.8

title:PHP 5 ChangeLog - Version 5.4.3url:http://www.php.net/ChangeLog-5.php#5.4.3

Trust: 0.8

title:PHP 5.4.3url:http://123.124.177.30/web/xxk/bdxqById.tag?id=43186

Trust: 0.6

title:PHP 5.4.3url:http://123.124.177.30/web/xxk/bdxqById.tag?id=43185

Trust: 0.6

sources: JVNDB: JVNDB-2012-002392 // CNNVD: CNNVD-201205-109

EXTERNAL IDS

db:NVDid:CVE-2012-2311

Trust: 4.2

db:CERT/CCid:VU#520827

Trust: 3.5

db:SECUNIAid:49014

Trust: 1.6

db:SECUNIAid:49085

Trust: 1.6

db:SECTRACKid:1027022

Trust: 1.6

db:JVNDBid:JVNDB-2012-002392

Trust: 0.8

db:CNNVDid:CNNVD-201205-109

Trust: 0.6

db:JUNIPERid:JSA10658

Trust: 0.3

db:CERT/CCid:VU#673343

Trust: 0.3

db:BIDid:53388

Trust: 0.3

db:PACKETSTORMid:123310

Trust: 0.1

db:PACKETSTORMid:122468

Trust: 0.1

db:SECUNIAid:49097

Trust: 0.1

db:PACKETSTORMid:112515

Trust: 0.1

db:PACKETSTORMid:112580

Trust: 0.1

db:PACKETSTORMid:113905

Trust: 0.1

db:PACKETSTORMid:115853

Trust: 0.1

db:PACKETSTORMid:122482

Trust: 0.1

db:PACKETSTORMid:112474

Trust: 0.1

sources: CERT/CC: VU#520827 // BID: 53388 // JVNDB: JVNDB-2012-002392 // PACKETSTORM: 123310 // PACKETSTORM: 122468 // PACKETSTORM: 112515 // PACKETSTORM: 112580 // PACKETSTORM: 113905 // PACKETSTORM: 115853 // PACKETSTORM: 122482 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-109 // NVD: CVE-2012-2311

REFERENCES

url:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Trust: 2.7

url:http://www.kb.cert.org/vuls/id/520827

Trust: 2.7

url:http://www.php.net/archive/2012.php#id2012-05-08-1

Trust: 2.4

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862

Trust: 2.2

url:http://www.securitytracker.com/id?1027022

Trust: 1.6

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=134012830914727&w=2

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html

Trust: 1.6

url:https://bugs.php.net/bug.php?id=61910

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html

Trust: 1.6

url:http://support.apple.com/kb/ht5501

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html

Trust: 1.6

url:http://secunia.com/advisories/49085

Trust: 1.6

url:http://www.php.net/changelog-5.php#5.4.3

Trust: 1.6

url:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1

Trust: 1.6

url:http://www.debian.org/security/2012/dsa-2465

Trust: 1.6

url:http://secunia.com/advisories/49014

Trust: 1.6

url:http://www.php.net/

Trust: 1.1

url:http://www.php.net/archive/2012.php#id2012-05-03-1

Trust: 1.1

url:http://www.php.net/manual/en/security.cgi-bin.php

Trust: 0.8

url:http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices

Trust: 0.8

url:http://php.net/changelog-5.php

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2311

Trust: 0.8

url:http://jvn.jp/cert/jvnvu520827/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu381963/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2311

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-2311

Trust: 0.7

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-0883

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-1823

Trust: 0.4

url:http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0

Trust: 0.3

url:http://www-01.ibm.com/software/lotus/products/foundations/start/

Trust: 0.3

url:http://kb.parallels.com/en/113818

Trust: 0.3

url:kb.parallels.com/en/116241

Trust: 0.3

url:https://community.rapid7.com/thread/5174

Trust: 0.3

url:http://seclists.org/fulldisclosure/2013/jun/21

Trust: 0.3

url:http://ompldr.org/vzgxxaq

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100162699

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165255

Trust: 0.3

url:http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21620314

Trust: 0.3

url:http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/673343

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2357

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2361

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2364

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2359

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2329

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2335

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2356

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2110

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2336

Trust: 0.3

url:http://h18013.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2355

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2360

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-1172

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-5217

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0830

Trust: 0.2

url:http://software.hp.com

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-4153

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5217

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1437-1/

Trust: 0.1

url:http://secunia.com/advisories/49097/#comments

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49097

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/49097/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8

Trust: 0.1

url:http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1437-1

Trust: 0.1

sources: CERT/CC: VU#520827 // BID: 53388 // JVNDB: JVNDB-2012-002392 // PACKETSTORM: 123310 // PACKETSTORM: 122468 // PACKETSTORM: 112515 // PACKETSTORM: 112580 // PACKETSTORM: 113905 // PACKETSTORM: 115853 // PACKETSTORM: 122482 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-109 // NVD: CVE-2012-2311

CREDITS

HP

Trust: 0.5

sources: PACKETSTORM: 123310 // PACKETSTORM: 122468 // PACKETSTORM: 113905 // PACKETSTORM: 115853 // PACKETSTORM: 122482

SOURCES

db:CERT/CCid:VU#520827
db:BIDid:53388
db:JVNDBid:JVNDB-2012-002392
db:PACKETSTORMid:123310
db:PACKETSTORMid:122468
db:PACKETSTORMid:112515
db:PACKETSTORMid:112580
db:PACKETSTORMid:113905
db:PACKETSTORMid:115853
db:PACKETSTORMid:122482
db:PACKETSTORMid:112474
db:CNNVDid:CNNVD-201205-109
db:NVDid:CVE-2012-2311

LAST UPDATE DATE

2024-11-12T22:11:22.625000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#520827date:2013-12-02T00:00:00
db:BIDid:53388date:2015-04-13T22:15:00
db:JVNDBid:JVNDB-2012-002392date:2014-02-06T00:00:00
db:CNNVDid:CNNVD-201205-109date:2023-04-21T00:00:00
db:NVDid:CVE-2012-2311date:2023-11-07T02:10:29.747

SOURCES RELEASE DATE

db:CERT/CCid:VU#520827date:2012-05-03T00:00:00
db:BIDid:53388date:2012-05-04T00:00:00
db:JVNDBid:JVNDB-2012-002392date:2012-05-14T00:00:00
db:PACKETSTORMid:123310date:2013-09-19T22:22:00
db:PACKETSTORMid:122468date:2013-07-18T18:51:07
db:PACKETSTORMid:112515date:2012-05-08T04:16:46
db:PACKETSTORMid:112580date:2012-05-10T03:59:25
db:PACKETSTORMid:113905date:2012-06-19T18:22:00
db:PACKETSTORMid:115853date:2012-08-24T01:40:32
db:PACKETSTORMid:122482date:2013-07-19T19:33:00
db:PACKETSTORMid:112474date:2012-05-06T01:28:45
db:CNNVDid:CNNVD-201205-109date:2012-05-08T00:00:00
db:NVDid:CVE-2012-2311date:2012-05-11T10:15:48.107