Details of VAR-201205-0305

ID

VAR-201205-0305

CVE

CVE-2012-1823

TITLE

PHP-CGI of query string Vulnerability in processing

Trust: 0.8

sources: JVNDB: JVNDB-2012-002235

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: PHP PHP-CGI QUERY_STRING Parameter Vulnerability SECUNIA ADVISORY ID: SA49014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49014 RELEASE DATE: 2012-05-04 DISCUSS ADVISORY: http://secunia.com/advisories/49014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: De Eindbazen has reported a vulnerability in PHP, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. The vulnerability is caused due to an error when parsing certain QUERY_STRING parameters. This can be exploited to e.g. The vulnerability is reported in versions 5.3.12 and prior and versions 5.4.2 and prior. SOLUTION: Apply patch or workaround. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: De Eindbazen ORIGINAL ADVISORY: PHP: https://bugs.php.net/bug.php?id=61910 De Eindbazen: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ US-CERT VU#520827: http://www.kb.cert.org/vuls/id/520827 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9. The testing distribution (wheezy) will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1. We recommend that you upgrade your php5 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. For more information see vulnerability #1 in: SA49014 SOLUTION: Apply updated packages via the apt-get package manager. Relevant releases/architectures: RHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2012:0568-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0568.html Issue date: 2012-05-10 CVE Names: CVE-2012-1823 ===================================================================== 1. Summary: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. (CVE-2012-1823) Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827) 6. Package List: Red Hat Enterprise Linux Long Life (v. 5.3 server): Source: php-5.1.6-23.3.el5_3.src.rpm i386: php-5.1.6-23.3.el5_3.i386.rpm php-bcmath-5.1.6-23.3.el5_3.i386.rpm php-cli-5.1.6-23.3.el5_3.i386.rpm php-common-5.1.6-23.3.el5_3.i386.rpm php-dba-5.1.6-23.3.el5_3.i386.rpm php-debuginfo-5.1.6-23.3.el5_3.i386.rpm php-devel-5.1.6-23.3.el5_3.i386.rpm php-gd-5.1.6-23.3.el5_3.i386.rpm php-imap-5.1.6-23.3.el5_3.i386.rpm php-ldap-5.1.6-23.3.el5_3.i386.rpm php-mbstring-5.1.6-23.3.el5_3.i386.rpm php-mysql-5.1.6-23.3.el5_3.i386.rpm php-ncurses-5.1.6-23.3.el5_3.i386.rpm php-odbc-5.1.6-23.3.el5_3.i386.rpm php-pdo-5.1.6-23.3.el5_3.i386.rpm php-pgsql-5.1.6-23.3.el5_3.i386.rpm php-snmp-5.1.6-23.3.el5_3.i386.rpm php-soap-5.1.6-23.3.el5_3.i386.rpm php-xml-5.1.6-23.3.el5_3.i386.rpm php-xmlrpc-5.1.6-23.3.el5_3.i386.rpm ia64: php-5.1.6-23.3.el5_3.ia64.rpm php-bcmath-5.1.6-23.3.el5_3.ia64.rpm php-cli-5.1.6-23.3.el5_3.ia64.rpm php-common-5.1.6-23.3.el5_3.ia64.rpm php-dba-5.1.6-23.3.el5_3.ia64.rpm php-debuginfo-5.1.6-23.3.el5_3.ia64.rpm php-devel-5.1.6-23.3.el5_3.ia64.rpm php-gd-5.1.6-23.3.el5_3.ia64.rpm php-imap-5.1.6-23.3.el5_3.ia64.rpm php-ldap-5.1.6-23.3.el5_3.ia64.rpm php-mbstring-5.1.6-23.3.el5_3.ia64.rpm php-mysql-5.1.6-23.3.el5_3.ia64.rpm php-ncurses-5.1.6-23.3.el5_3.ia64.rpm php-odbc-5.1.6-23.3.el5_3.ia64.rpm php-pdo-5.1.6-23.3.el5_3.ia64.rpm php-pgsql-5.1.6-23.3.el5_3.ia64.rpm php-snmp-5.1.6-23.3.el5_3.ia64.rpm php-soap-5.1.6-23.3.el5_3.ia64.rpm php-xml-5.1.6-23.3.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.3.el5_3.ia64.rpm x86_64: php-5.1.6-23.3.el5_3.x86_64.rpm php-bcmath-5.1.6-23.3.el5_3.x86_64.rpm php-cli-5.1.6-23.3.el5_3.x86_64.rpm php-common-5.1.6-23.3.el5_3.x86_64.rpm php-dba-5.1.6-23.3.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.3.el5_3.x86_64.rpm php-devel-5.1.6-23.3.el5_3.x86_64.rpm php-gd-5.1.6-23.3.el5_3.x86_64.rpm php-imap-5.1.6-23.3.el5_3.x86_64.rpm php-ldap-5.1.6-23.3.el5_3.x86_64.rpm php-mbstring-5.1.6-23.3.el5_3.x86_64.rpm php-mysql-5.1.6-23.3.el5_3.x86_64.rpm php-ncurses-5.1.6-23.3.el5_3.x86_64.rpm php-odbc-5.1.6-23.3.el5_3.x86_64.rpm php-pdo-5.1.6-23.3.el5_3.x86_64.rpm php-pgsql-5.1.6-23.3.el5_3.x86_64.rpm php-snmp-5.1.6-23.3.el5_3.x86_64.rpm php-soap-5.1.6-23.3.el5_3.x86_64.rpm php-xml-5.1.6-23.3.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.3.el5_3.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.6 server): Source: php-5.1.6-27.el5_6.4.src.rpm i386: php-5.1.6-27.el5_6.4.i386.rpm php-bcmath-5.1.6-27.el5_6.4.i386.rpm php-cli-5.1.6-27.el5_6.4.i386.rpm php-common-5.1.6-27.el5_6.4.i386.rpm php-dba-5.1.6-27.el5_6.4.i386.rpm php-debuginfo-5.1.6-27.el5_6.4.i386.rpm php-devel-5.1.6-27.el5_6.4.i386.rpm php-gd-5.1.6-27.el5_6.4.i386.rpm php-imap-5.1.6-27.el5_6.4.i386.rpm php-ldap-5.1.6-27.el5_6.4.i386.rpm php-mbstring-5.1.6-27.el5_6.4.i386.rpm php-mysql-5.1.6-27.el5_6.4.i386.rpm php-ncurses-5.1.6-27.el5_6.4.i386.rpm php-odbc-5.1.6-27.el5_6.4.i386.rpm php-pdo-5.1.6-27.el5_6.4.i386.rpm php-pgsql-5.1.6-27.el5_6.4.i386.rpm php-snmp-5.1.6-27.el5_6.4.i386.rpm php-soap-5.1.6-27.el5_6.4.i386.rpm php-xml-5.1.6-27.el5_6.4.i386.rpm php-xmlrpc-5.1.6-27.el5_6.4.i386.rpm ia64: php-5.1.6-27.el5_6.4.ia64.rpm php-bcmath-5.1.6-27.el5_6.4.ia64.rpm php-cli-5.1.6-27.el5_6.4.ia64.rpm php-common-5.1.6-27.el5_6.4.ia64.rpm php-dba-5.1.6-27.el5_6.4.ia64.rpm php-debuginfo-5.1.6-27.el5_6.4.ia64.rpm php-devel-5.1.6-27.el5_6.4.ia64.rpm php-gd-5.1.6-27.el5_6.4.ia64.rpm php-imap-5.1.6-27.el5_6.4.ia64.rpm php-ldap-5.1.6-27.el5_6.4.ia64.rpm php-mbstring-5.1.6-27.el5_6.4.ia64.rpm php-mysql-5.1.6-27.el5_6.4.ia64.rpm php-ncurses-5.1.6-27.el5_6.4.ia64.rpm php-odbc-5.1.6-27.el5_6.4.ia64.rpm php-pdo-5.1.6-27.el5_6.4.ia64.rpm php-pgsql-5.1.6-27.el5_6.4.ia64.rpm php-snmp-5.1.6-27.el5_6.4.ia64.rpm php-soap-5.1.6-27.el5_6.4.ia64.rpm php-xml-5.1.6-27.el5_6.4.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.4.ia64.rpm ppc: php-5.1.6-27.el5_6.4.ppc.rpm php-bcmath-5.1.6-27.el5_6.4.ppc.rpm php-cli-5.1.6-27.el5_6.4.ppc.rpm php-common-5.1.6-27.el5_6.4.ppc.rpm php-dba-5.1.6-27.el5_6.4.ppc.rpm php-debuginfo-5.1.6-27.el5_6.4.ppc.rpm php-devel-5.1.6-27.el5_6.4.ppc.rpm php-gd-5.1.6-27.el5_6.4.ppc.rpm php-imap-5.1.6-27.el5_6.4.ppc.rpm php-ldap-5.1.6-27.el5_6.4.ppc.rpm php-mbstring-5.1.6-27.el5_6.4.ppc.rpm php-mysql-5.1.6-27.el5_6.4.ppc.rpm php-ncurses-5.1.6-27.el5_6.4.ppc.rpm php-odbc-5.1.6-27.el5_6.4.ppc.rpm php-pdo-5.1.6-27.el5_6.4.ppc.rpm php-pgsql-5.1.6-27.el5_6.4.ppc.rpm php-snmp-5.1.6-27.el5_6.4.ppc.rpm php-soap-5.1.6-27.el5_6.4.ppc.rpm php-xml-5.1.6-27.el5_6.4.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.4.ppc.rpm s390x: php-5.1.6-27.el5_6.4.s390x.rpm php-bcmath-5.1.6-27.el5_6.4.s390x.rpm php-cli-5.1.6-27.el5_6.4.s390x.rpm php-common-5.1.6-27.el5_6.4.s390x.rpm php-dba-5.1.6-27.el5_6.4.s390x.rpm php-debuginfo-5.1.6-27.el5_6.4.s390x.rpm php-devel-5.1.6-27.el5_6.4.s390x.rpm php-gd-5.1.6-27.el5_6.4.s390x.rpm php-imap-5.1.6-27.el5_6.4.s390x.rpm php-ldap-5.1.6-27.el5_6.4.s390x.rpm php-mbstring-5.1.6-27.el5_6.4.s390x.rpm php-mysql-5.1.6-27.el5_6.4.s390x.rpm php-ncurses-5.1.6-27.el5_6.4.s390x.rpm php-odbc-5.1.6-27.el5_6.4.s390x.rpm php-pdo-5.1.6-27.el5_6.4.s390x.rpm php-pgsql-5.1.6-27.el5_6.4.s390x.rpm php-snmp-5.1.6-27.el5_6.4.s390x.rpm php-soap-5.1.6-27.el5_6.4.s390x.rpm php-xml-5.1.6-27.el5_6.4.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.4.s390x.rpm x86_64: php-5.1.6-27.el5_6.4.x86_64.rpm php-bcmath-5.1.6-27.el5_6.4.x86_64.rpm php-cli-5.1.6-27.el5_6.4.x86_64.rpm php-common-5.1.6-27.el5_6.4.x86_64.rpm php-dba-5.1.6-27.el5_6.4.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.4.x86_64.rpm php-devel-5.1.6-27.el5_6.4.x86_64.rpm php-gd-5.1.6-27.el5_6.4.x86_64.rpm php-imap-5.1.6-27.el5_6.4.x86_64.rpm php-ldap-5.1.6-27.el5_6.4.x86_64.rpm php-mbstring-5.1.6-27.el5_6.4.x86_64.rpm php-mysql-5.1.6-27.el5_6.4.x86_64.rpm php-ncurses-5.1.6-27.el5_6.4.x86_64.rpm php-odbc-5.1.6-27.el5_6.4.x86_64.rpm php-pdo-5.1.6-27.el5_6.4.x86_64.rpm php-pgsql-5.1.6-27.el5_6.4.x86_64.rpm php-snmp-5.1.6-27.el5_6.4.x86_64.rpm php-soap-5.1.6-27.el5_6.4.x86_64.rpm php-xml-5.1.6-27.el5_6.4.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.0): Source: php-5.3.2-6.el6_0.2.src.rpm i386: php-5.3.2-6.el6_0.2.i686.rpm php-cli-5.3.2-6.el6_0.2.i686.rpm php-common-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-gd-5.3.2-6.el6_0.2.i686.rpm php-ldap-5.3.2-6.el6_0.2.i686.rpm php-mysql-5.3.2-6.el6_0.2.i686.rpm php-odbc-5.3.2-6.el6_0.2.i686.rpm php-pdo-5.3.2-6.el6_0.2.i686.rpm php-pgsql-5.3.2-6.el6_0.2.i686.rpm php-soap-5.3.2-6.el6_0.2.i686.rpm php-xml-5.3.2-6.el6_0.2.i686.rpm php-xmlrpc-5.3.2-6.el6_0.2.i686.rpm ppc64: php-5.3.2-6.el6_0.2.ppc64.rpm php-cli-5.3.2-6.el6_0.2.ppc64.rpm php-common-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-gd-5.3.2-6.el6_0.2.ppc64.rpm php-ldap-5.3.2-6.el6_0.2.ppc64.rpm php-mysql-5.3.2-6.el6_0.2.ppc64.rpm php-odbc-5.3.2-6.el6_0.2.ppc64.rpm php-pdo-5.3.2-6.el6_0.2.ppc64.rpm php-pgsql-5.3.2-6.el6_0.2.ppc64.rpm php-soap-5.3.2-6.el6_0.2.ppc64.rpm php-xml-5.3.2-6.el6_0.2.ppc64.rpm php-xmlrpc-5.3.2-6.el6_0.2.ppc64.rpm s390x: php-5.3.2-6.el6_0.2.s390x.rpm php-cli-5.3.2-6.el6_0.2.s390x.rpm php-common-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-gd-5.3.2-6.el6_0.2.s390x.rpm php-ldap-5.3.2-6.el6_0.2.s390x.rpm php-mysql-5.3.2-6.el6_0.2.s390x.rpm php-odbc-5.3.2-6.el6_0.2.s390x.rpm php-pdo-5.3.2-6.el6_0.2.s390x.rpm php-pgsql-5.3.2-6.el6_0.2.s390x.rpm php-soap-5.3.2-6.el6_0.2.s390x.rpm php-xml-5.3.2-6.el6_0.2.s390x.rpm php-xmlrpc-5.3.2-6.el6_0.2.s390x.rpm x86_64: php-5.3.2-6.el6_0.2.x86_64.rpm php-cli-5.3.2-6.el6_0.2.x86_64.rpm php-common-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-gd-5.3.2-6.el6_0.2.x86_64.rpm php-ldap-5.3.2-6.el6_0.2.x86_64.rpm php-mysql-5.3.2-6.el6_0.2.x86_64.rpm php-odbc-5.3.2-6.el6_0.2.x86_64.rpm php-pdo-5.3.2-6.el6_0.2.x86_64.rpm php-pgsql-5.3.2-6.el6_0.2.x86_64.rpm php-soap-5.3.2-6.el6_0.2.x86_64.rpm php-xml-5.3.2-6.el6_0.2.x86_64.rpm php-xmlrpc-5.3.2-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.1): Source: php-5.3.3-3.el6_1.4.src.rpm i386: php-5.3.3-3.el6_1.4.i686.rpm php-cli-5.3.3-3.el6_1.4.i686.rpm php-common-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-gd-5.3.3-3.el6_1.4.i686.rpm php-ldap-5.3.3-3.el6_1.4.i686.rpm php-mysql-5.3.3-3.el6_1.4.i686.rpm php-odbc-5.3.3-3.el6_1.4.i686.rpm php-pdo-5.3.3-3.el6_1.4.i686.rpm php-pgsql-5.3.3-3.el6_1.4.i686.rpm php-soap-5.3.3-3.el6_1.4.i686.rpm php-xml-5.3.3-3.el6_1.4.i686.rpm php-xmlrpc-5.3.3-3.el6_1.4.i686.rpm ppc64: php-5.3.3-3.el6_1.4.ppc64.rpm php-cli-5.3.3-3.el6_1.4.ppc64.rpm php-common-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-gd-5.3.3-3.el6_1.4.ppc64.rpm php-ldap-5.3.3-3.el6_1.4.ppc64.rpm php-mysql-5.3.3-3.el6_1.4.ppc64.rpm php-odbc-5.3.3-3.el6_1.4.ppc64.rpm php-pdo-5.3.3-3.el6_1.4.ppc64.rpm php-pgsql-5.3.3-3.el6_1.4.ppc64.rpm php-soap-5.3.3-3.el6_1.4.ppc64.rpm php-xml-5.3.3-3.el6_1.4.ppc64.rpm php-xmlrpc-5.3.3-3.el6_1.4.ppc64.rpm s390x: php-5.3.3-3.el6_1.4.s390x.rpm php-cli-5.3.3-3.el6_1.4.s390x.rpm php-common-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-gd-5.3.3-3.el6_1.4.s390x.rpm php-ldap-5.3.3-3.el6_1.4.s390x.rpm php-mysql-5.3.3-3.el6_1.4.s390x.rpm php-odbc-5.3.3-3.el6_1.4.s390x.rpm php-pdo-5.3.3-3.el6_1.4.s390x.rpm php-pgsql-5.3.3-3.el6_1.4.s390x.rpm php-soap-5.3.3-3.el6_1.4.s390x.rpm php-xml-5.3.3-3.el6_1.4.s390x.rpm php-xmlrpc-5.3.3-3.el6_1.4.s390x.rpm x86_64: php-5.3.3-3.el6_1.4.x86_64.rpm php-cli-5.3.3-3.el6_1.4.x86_64.rpm php-common-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-gd-5.3.3-3.el6_1.4.x86_64.rpm php-ldap-5.3.3-3.el6_1.4.x86_64.rpm php-mysql-5.3.3-3.el6_1.4.x86_64.rpm php-odbc-5.3.3-3.el6_1.4.x86_64.rpm php-pdo-5.3.3-3.el6_1.4.x86_64.rpm php-pgsql-5.3.3-3.el6_1.4.x86_64.rpm php-soap-5.3.3-3.el6_1.4.x86_64.rpm php-xml-5.3.3-3.el6_1.4.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.0): Source: php-5.3.2-6.el6_0.2.src.rpm i386: php-bcmath-5.3.2-6.el6_0.2.i686.rpm php-dba-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-devel-5.3.2-6.el6_0.2.i686.rpm php-embedded-5.3.2-6.el6_0.2.i686.rpm php-enchant-5.3.2-6.el6_0.2.i686.rpm php-imap-5.3.2-6.el6_0.2.i686.rpm php-intl-5.3.2-6.el6_0.2.i686.rpm php-mbstring-5.3.2-6.el6_0.2.i686.rpm php-process-5.3.2-6.el6_0.2.i686.rpm php-pspell-5.3.2-6.el6_0.2.i686.rpm php-recode-5.3.2-6.el6_0.2.i686.rpm php-snmp-5.3.2-6.el6_0.2.i686.rpm php-tidy-5.3.2-6.el6_0.2.i686.rpm php-zts-5.3.2-6.el6_0.2.i686.rpm ppc64: php-bcmath-5.3.2-6.el6_0.2.ppc64.rpm php-dba-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-devel-5.3.2-6.el6_0.2.ppc64.rpm php-embedded-5.3.2-6.el6_0.2.ppc64.rpm php-enchant-5.3.2-6.el6_0.2.ppc64.rpm php-imap-5.3.2-6.el6_0.2.ppc64.rpm php-intl-5.3.2-6.el6_0.2.ppc64.rpm php-mbstring-5.3.2-6.el6_0.2.ppc64.rpm php-process-5.3.2-6.el6_0.2.ppc64.rpm php-pspell-5.3.2-6.el6_0.2.ppc64.rpm php-recode-5.3.2-6.el6_0.2.ppc64.rpm php-snmp-5.3.2-6.el6_0.2.ppc64.rpm php-tidy-5.3.2-6.el6_0.2.ppc64.rpm php-zts-5.3.2-6.el6_0.2.ppc64.rpm s390x: php-bcmath-5.3.2-6.el6_0.2.s390x.rpm php-dba-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-devel-5.3.2-6.el6_0.2.s390x.rpm php-embedded-5.3.2-6.el6_0.2.s390x.rpm php-enchant-5.3.2-6.el6_0.2.s390x.rpm php-imap-5.3.2-6.el6_0.2.s390x.rpm php-intl-5.3.2-6.el6_0.2.s390x.rpm php-mbstring-5.3.2-6.el6_0.2.s390x.rpm php-process-5.3.2-6.el6_0.2.s390x.rpm php-pspell-5.3.2-6.el6_0.2.s390x.rpm php-recode-5.3.2-6.el6_0.2.s390x.rpm php-snmp-5.3.2-6.el6_0.2.s390x.rpm php-tidy-5.3.2-6.el6_0.2.s390x.rpm php-zts-5.3.2-6.el6_0.2.s390x.rpm x86_64: php-bcmath-5.3.2-6.el6_0.2.x86_64.rpm php-dba-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-devel-5.3.2-6.el6_0.2.x86_64.rpm php-embedded-5.3.2-6.el6_0.2.x86_64.rpm php-enchant-5.3.2-6.el6_0.2.x86_64.rpm php-imap-5.3.2-6.el6_0.2.x86_64.rpm php-intl-5.3.2-6.el6_0.2.x86_64.rpm php-mbstring-5.3.2-6.el6_0.2.x86_64.rpm php-process-5.3.2-6.el6_0.2.x86_64.rpm php-pspell-5.3.2-6.el6_0.2.x86_64.rpm php-recode-5.3.2-6.el6_0.2.x86_64.rpm php-snmp-5.3.2-6.el6_0.2.x86_64.rpm php-tidy-5.3.2-6.el6_0.2.x86_64.rpm php-zts-5.3.2-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.1): Source: php-5.3.3-3.el6_1.4.src.rpm i386: php-bcmath-5.3.3-3.el6_1.4.i686.rpm php-dba-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-devel-5.3.3-3.el6_1.4.i686.rpm php-embedded-5.3.3-3.el6_1.4.i686.rpm php-enchant-5.3.3-3.el6_1.4.i686.rpm php-imap-5.3.3-3.el6_1.4.i686.rpm php-intl-5.3.3-3.el6_1.4.i686.rpm php-mbstring-5.3.3-3.el6_1.4.i686.rpm php-process-5.3.3-3.el6_1.4.i686.rpm php-pspell-5.3.3-3.el6_1.4.i686.rpm php-recode-5.3.3-3.el6_1.4.i686.rpm php-snmp-5.3.3-3.el6_1.4.i686.rpm php-tidy-5.3.3-3.el6_1.4.i686.rpm php-zts-5.3.3-3.el6_1.4.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_1.4.ppc64.rpm php-dba-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-devel-5.3.3-3.el6_1.4.ppc64.rpm php-embedded-5.3.3-3.el6_1.4.ppc64.rpm php-enchant-5.3.3-3.el6_1.4.ppc64.rpm php-imap-5.3.3-3.el6_1.4.ppc64.rpm php-intl-5.3.3-3.el6_1.4.ppc64.rpm php-mbstring-5.3.3-3.el6_1.4.ppc64.rpm php-process-5.3.3-3.el6_1.4.ppc64.rpm php-pspell-5.3.3-3.el6_1.4.ppc64.rpm php-recode-5.3.3-3.el6_1.4.ppc64.rpm php-snmp-5.3.3-3.el6_1.4.ppc64.rpm php-tidy-5.3.3-3.el6_1.4.ppc64.rpm php-zts-5.3.3-3.el6_1.4.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_1.4.s390x.rpm php-dba-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-devel-5.3.3-3.el6_1.4.s390x.rpm php-embedded-5.3.3-3.el6_1.4.s390x.rpm php-enchant-5.3.3-3.el6_1.4.s390x.rpm php-imap-5.3.3-3.el6_1.4.s390x.rpm php-intl-5.3.3-3.el6_1.4.s390x.rpm php-mbstring-5.3.3-3.el6_1.4.s390x.rpm php-process-5.3.3-3.el6_1.4.s390x.rpm php-pspell-5.3.3-3.el6_1.4.s390x.rpm php-recode-5.3.3-3.el6_1.4.s390x.rpm php-snmp-5.3.3-3.el6_1.4.s390x.rpm php-tidy-5.3.3-3.el6_1.4.s390x.rpm php-zts-5.3.3-3.el6_1.4.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_1.4.x86_64.rpm php-dba-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-devel-5.3.3-3.el6_1.4.x86_64.rpm php-embedded-5.3.3-3.el6_1.4.x86_64.rpm php-enchant-5.3.3-3.el6_1.4.x86_64.rpm php-imap-5.3.3-3.el6_1.4.x86_64.rpm php-intl-5.3.3-3.el6_1.4.x86_64.rpm php-mbstring-5.3.3-3.el6_1.4.x86_64.rpm php-process-5.3.3-3.el6_1.4.x86_64.rpm php-pspell-5.3.3-3.el6_1.4.x86_64.rpm php-recode-5.3.3-3.el6_1.4.x86_64.rpm php-snmp-5.3.3-3.el6_1.4.x86_64.rpm php-tidy-5.3.3-3.el6_1.4.x86_64.rpm php-zts-5.3.3-3.el6_1.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1823.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPq+BrXlSAg2UNWIIRAlkPAJ99QQuun9ljsbFTsnMoLAbItDTJUQCggigr NQJBwTDuCJX2FNa8cSIcWCY= =s0aa -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012 php5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1 Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7 Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8 Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24 In general, a standard system update will make all the necessary changes

Trust: 2.52

sources: NVD: CVE-2012-1823 // JVNDB: JVNDB-2012-002235 // BID: 53388 // VULMON: CVE-2012-1823 // PACKETSTORM: 112465 // PACKETSTORM: 112580 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112605 // PACKETSTORM: 112474

AFFECTED PRODUCTS

vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	5.3	Trust: 1.0
vendor:	hp	model:	hp-ux	scope:	eq	version:	b.11.23	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.1	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	10	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.8.2	Trust: 1.0
vendor:	redhat	model:	storage	scope:	eq	version:	2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.4	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.4.2	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11	Trust: 1.0
vendor:	hp	model:	hp-ux	scope:	eq	version:	b.11.31	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.7.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	39	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.6.8	Trust: 1.0
vendor:	redhat	model:	gluster storage server for on-premise	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.8.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	40	Trust: 1.0
vendor:	redhat	model:	storage for public cloud	scope:	eq	version:	2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	application stack	scope:	eq	version:	2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	5.6	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.3.12	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	5.6	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.3.1	Trust: 0.9
vendor:	the php group	model:	php	scope:	lt	version:	version 5.3.12 earlier	Trust: 0.8
vendor:	the php group	model:	php	scope:	lt	version:	version 5.4.2 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 to v10.7.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.8 and v10.8.1	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.7 to v10.7.4	Trust: 0.8
vendor:	cybozu	model:	garoon	scope:	eq	version:	3.1.0 to 3.1.3	Trust: 0.8
vendor:	cybozu	model:	garoon	scope:	eq	version:	3.5.0 to 3.5.1	Trust: 0.8
vendor:	php	model:	php	scope:	eq	version:	5.2.16	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.3.0	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.15	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.8	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.13	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.17	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.14	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.11	Trust: 0.6
vendor:	php	model:	php	scope:	eq	version:	5.2.12	Trust: 0.6
vendor:	parallels	model:	plesk panel	scope:	eq	version:	9.5.4	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	11.10	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.2	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	5.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.8	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3 ltss	scope:	eq	version:	10	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.1.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux long life server	scope:	eq	version:	5.3	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.10	Trust: 0.3
vendor:	avaya	model:	voice portal sp2	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	juniper	model:	ctpview	scope:	eq	version:	4.6	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	11.10	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2011	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	juniper	model:	ctpview	scope:	eq	version:	4.3	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	juniper	model:	ctpview	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.4	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	11.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation optional	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	parallels	model:	plesk panel	scope:	eq	version:	9.3	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	juniper	model:	ctpview 7.0r1	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus foundations start 1.2.2b	scope:	ne	version:	-	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	11.04	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux eus 5.6.z server	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	ne	version:	7.2.1	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	5.2	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	lotus foundations start 1.2.2a	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.5	Trust: 0.3
vendor:	juniper	model:	ctpview	scope:	eq	version:	4.5	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	5.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.3	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional eus	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.6	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.5	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura communication manager	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	110	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.4	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2011	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	11.04	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.12	Trust: 0.3
vendor:	juniper	model:	ctpview	scope:	eq	version:	4.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.7	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	11.04	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.8.2	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.2	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	3.0x64	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	parallels	model:	plesk panel	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	turbolinux	model:	client	scope:	eq	version:	2008	Trust: 0.3
vendor:	parallels	model:	plesk panel	scope:	eq	version:	8.6	Trust: 0.3
vendor:	parallels	model:	plesk panel	scope:	eq	version:	9.0	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	lotus foundations start	scope:	eq	version:	1.2	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura session manager sp2	scope:	eq	version:	5.2	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	11x64	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	ne	version:	7.1.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional eus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	12.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	php	model:	php	scope:	ne	version:	5.3.13	Trust: 0.3

sources: BID: 53388 // JVNDB: JVNDB-2012-002235 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1823
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2012-1823
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201205-108
value:	HIGH
Trust: 0.6
VULMON:	CVE-2012-1823
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-1823
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2012-1823
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2012-1823 // JVNDB: JVNDB-2012-002235 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2012-002235 // NVD: CVE-2012-1823

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 112508 // PACKETSTORM: 112605 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201205-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002235

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2012-1823

PATCH

title:	HT5501	url:	http://support.apple.com/kb/HT5501	Trust: 0.8
title:	HT5501	url:	http://support.apple.com/kb/HT5501?viewlocale=ja_JP	Trust: 0.8
title:	PHP-CGI の query string の処理に脆弱性【CY12-06-001】	url:	http://cs.cybozu.co.jp/information/20120606up02.php	Trust: 0.8
title:	HPSBMU02786 SSRT100877	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041	Trust: 0.8
title:	HPSBUX02791 SSRT100856	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03368475	Trust: 0.8
title:	1621015	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21621015	Trust: 0.8
title:	1620314	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21620314	Trust: 0.8
title:	#61910	url:	https://bugs.php.net/bug.php?id=61910	Trust: 0.8
title:	RHSA-2012:0546	url:	http://rhn.redhat.com/errata/RHSA-2012-0546.html	Trust: 0.8
title:	RHSA-2012:0568	url:	http://rhn.redhat.com/errata/RHSA-2012-0568.html	Trust: 0.8
title:	RHSA-2012:0547	url:	http://rhn.redhat.com/errata/RHSA-2012-0547.html	Trust: 0.8
title:	PHP 5.3.12 and PHP 5.4.2 Released!	url:	http://www.php.net/archive/2012.php#id2012-05-03-1	Trust: 0.8
title:	PHP: CGI バイナリとしてインストール - Manual	url:	http://www.php.net/manual/ja/security.cgi-bin.php	Trust: 0.8
title:	PHP 5 ChangeLog - Version 5.4.2	url:	http://www.php.net/ChangeLog-5.php#5.4.2	Trust: 0.8
title:	PHP 5.4.3 and PHP 5.3.13 Released!	url:	http://www.php.net/archive/2012.php#id2012-05-08-1	Trust: 0.8
title:	Patch cgi.diff for CGI/CLI related Bug #61910	url:	https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1	Trust: 0.8
title:	PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)	url:	http://www.php.net/archive/2012.php#id2012-05-06-1	Trust: 0.8
title:	001-005900	url:	https://support.cybozu.com/ja-jp/article/5900	Trust: 0.8
title:	PHP 5.4.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43186	Trust: 0.6
title:	PHP 5.4.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43185	Trust: 0.6
title:	Red Hat: Critical: php53 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120569 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: php security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120568 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: php security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120546 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: php53 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120547 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: php5: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=369fec60ba7ae134a5d768faf3cb2f6b	Trust: 0.1
title:	Ubuntu Security Notice: php5 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1437-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2012-077	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-077	Trust: 0.1
title:	Debian Security Advisories: DSA-2465-1 php5 -- several vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=db88513c75df4c41339c6c90dcb69831	Trust: 0.1
title:	Red Hat: Moderate: php security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121045 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: php53 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121047 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: php security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121046 - Security Advisory	Trust: 0.1
title:	HacktivityCon_CTF_2020	url:	https://github.com/W3rni0/HacktivityCon_CTF_2020	Trust: 0.1
title:	exploits	url:	https://github.com/infodox/exploits	Trust: 0.1
title:	webappurls	url:	https://github.com/pwnwiki/webappurls	Trust: 0.1
title:	CVE-2012-1823	url:	https://github.com/drone789/CVE-2012-1823	Trust: 0.1
title:	Covid-v2-Botnet	url:	https://github.com/SniperX-D/Covid-v2-Botnet	Trust: 0.1
title:	covid	url:	https://github.com/MrScytheLULZ/covid	Trust: 0.1
title:	python-pySecurity	url:	https://github.com/CyberSavvy/python-pySecurity	Trust: 0.1
title:	pySecurity	url:	https://github.com/smartFlash/pySecurity	Trust: 0.1
title:	AutoSploit	url:	https://github.com/RootUp/AutoSploit	Trust: 0.1
title:	Python	url:	https://github.com/BCyberSavvy/Python	Trust: 0.1
title:	awesome-infosec	url:	https://github.com/onlurking/awesome-infosec	Trust: 0.1
title:	awesome-infosec	url:	https://github.com/eric-erki/awesome-infosec	Trust: 0.1
title:	Intrusion_Detection_System-Python	url:	https://github.com/marcocastro100/Intrusion_Detection_System-Python	Trust: 0.1
title:	deepdig	url:	https://github.com/cyberdeception/deepdig	Trust: 0.1
title:	Boot2root-CTFs-Writeups	url:	https://github.com/Jean-Francois-C/Boot2root-CTFs	Trust: 0.1
title:	Boot2root-CTFs-Writeups	url:	https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups	Trust: 0.1
title:	CDL	url:	https://github.com/NCSU-DANCE-Research-Group/CDL	Trust: 0.1
title:	Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications	url:	https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881/	Trust: 0.1
title:	Securelist	url:	https://securelist.com/it-threat-evolution-q2-2013/37163/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/76537/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/	Trust: 0.1

sources: VULMON: CVE-2012-1823 // JVNDB: JVNDB-2012-002235 // CNNVD: CNNVD-201205-108

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1823	Trust: 3.3
db:	CERT/CC	id:	VU#520827	Trust: 2.9
db:	SECUNIA	id:	49014	Trust: 2.0
db:	SECUNIA	id:	49065	Trust: 1.7
db:	SECUNIA	id:	49085	Trust: 1.7
db:	SECUNIA	id:	49087	Trust: 1.7
db:	CERT/CC	id:	VU#673343	Trust: 1.4
db:	SECTRACK	id:	1027022	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2024/06/07/1	Trust: 1.0
db:	JVNDB	id:	JVNDB-2012-002235	Trust: 0.8
db:	SECUNIA	id:	49053	Trust: 0.7
db:	SECUNIA	id:	49097	Trust: 0.6
db:	CNNVD	id:	CNNVD-201205-108	Trust: 0.6
db:	JUNIPER	id:	JSA10658	Trust: 0.3
db:	BID	id:	53388	Trust: 0.3
db:	EXPLOIT-DB	id:	18836	Trust: 0.1
db:	VULMON	id:	CVE-2012-1823	Trust: 0.1
db:	PACKETSTORM	id:	112465	Trust: 0.1
db:	PACKETSTORM	id:	112580	Trust: 0.1
db:	PACKETSTORM	id:	112612	Trust: 0.1
db:	PACKETSTORM	id:	112508	Trust: 0.1
db:	PACKETSTORM	id:	112605	Trust: 0.1
db:	PACKETSTORM	id:	112474	Trust: 0.1

sources: VULMON: CVE-2012-1823 // BID: 53388 // JVNDB: JVNDB-2012-002235 // PACKETSTORM: 112465 // PACKETSTORM: 112580 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112605 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

REFERENCES

url:	http://www.kb.cert.org/vuls/id/520827	Trust: 2.9
url:	http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/	Trust: 2.1
url:	http://www.php.net/archive/2012.php#id2012-05-03-1	Trust: 2.0
url:	https://bugs.php.net/bug.php?id=61910	Trust: 1.8
url:	http://www.php.net/changelog-5.php#5.4.2	Trust: 1.7
url:	https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1	Trust: 1.7
url:	http://secunia.com/advisories/49014	Trust: 1.7
url:	http://secunia.com/advisories/49087	Trust: 1.7
url:	http://secunia.com/advisories/49065	Trust: 1.7
url:	http://secunia.com/advisories/49085	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/673343	Trust: 1.5
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041	Trust: 1.4
url:	http://rhn.redhat.com/errata/rhsa-2012-0568.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2012-0547.html	Trust: 1.2
url:	http://www.debian.org/security/2012/dsa-2465	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2012-0546.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=134012830914727&w=2	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html	Trust: 1.1
url:	http://support.apple.com/kb/ht5501	Trust: 1.1
url:	http://www.securitytracker.com/id?1027022	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2012:068	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2012-0570.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2012-0569.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w45dboh56nqdrtom2dn2lna2fzimc3pk/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pkgtquoa2ntz3rxn22csaujpiruyrb4b/	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2024/06/07/1	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu520827	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu381963/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1823	Trust: 0.8
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862	Trust: 0.6
url:	http://secunia.com/advisories/49053	Trust: 0.6
url:	http://secunia.com/advisories/49097	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1823	Trust: 0.4
url:	http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0	Trust: 0.3
url:	http://www-01.ibm.com/software/lotus/products/foundations/start/	Trust: 0.3
url:	http://kb.parallels.com/en/113818	Trust: 0.3
url:	kb.parallels.com/en/116241	Trust: 0.3
url:	https://community.rapid7.com/thread/5174	Trust: 0.3
url:	http://www.php.net/	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2013/jun/21	Trust: 0.3
url:	http://ompldr.org/vzgxxaq	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100162699	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100165255	Trust: 0.3
url:	http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21620314	Trust: 0.3
url:	http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt	Trust: 0.3
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.2
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-2311	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2012-1823.html	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	http://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/knowledge/articles/11258	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2012:0569	Trust: 0.1
url:	https://github.com/infodox/exploits	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/18836/	Trust: 0.1
url:	http://secunia.com/advisories/49014/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49014	Trust: 0.1
url:	http://secunia.com/advisories/49014/	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1172	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://secunia.com/advisories/49053/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49053	Trust: 0.1
url:	http://secunia.com/advisories/49053/#comments	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8	Trust: 0.1
url:	http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-1437-1	Trust: 0.1

CREDITS

De Eindbazen

Trust: 0.3

sources: BID: 53388

SOURCES

db:	VULMON	id:	CVE-2012-1823
db:	BID	id:	53388
db:	JVNDB	id:	JVNDB-2012-002235
db:	PACKETSTORM	id:	112465
db:	PACKETSTORM	id:	112580
db:	PACKETSTORM	id:	112612
db:	PACKETSTORM	id:	112508
db:	PACKETSTORM	id:	112605
db:	PACKETSTORM	id:	112474
db:	CNNVD	id:	CNNVD-201205-108
db:	NVD	id:	CVE-2012-1823

LAST UPDATE DATE

2025-01-03T20:08:34.843000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2012-1823	date:	2018-01-18T00:00:00
db:	BID	id:	53388	date:	2015-04-13T22:15:00
db:	JVNDB	id:	JVNDB-2012-002235	date:	2013-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201205-108	date:	2012-05-08T00:00:00
db:	NVD	id:	CVE-2012-1823	date:	2024-11-21T01:37:50.887

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2012-1823	date:	2012-05-11T00:00:00
db:	BID	id:	53388	date:	2012-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2012-002235	date:	2012-05-08T00:00:00
db:	PACKETSTORM	id:	112465	date:	2012-05-05T05:25:23
db:	PACKETSTORM	id:	112580	date:	2012-05-10T03:59:25
db:	PACKETSTORM	id:	112612	date:	2012-05-10T06:23:20
db:	PACKETSTORM	id:	112508	date:	2012-05-07T20:04:50
db:	PACKETSTORM	id:	112605	date:	2012-05-10T21:02:10
db:	PACKETSTORM	id:	112474	date:	2012-05-06T01:28:45
db:	CNNVD	id:	CNNVD-201205-108	date:	2012-05-08T00:00:00
db:	NVD	id:	CVE-2012-1823	date:	2012-05-11T10:15:48.043