Sign-up

ID

VAR-201205-0305


CVE

CVE-2012-1823


TITLE

Parallels Plesk Panel phppath/php vulnerability

Trust: 0.8

sources: CERT/CC: VU#673343

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9. The testing distribution (wheezy) will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1. We recommend that you upgrade your php5 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2012:0546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0546.html Issue date: 2012-05-07 CVE Names: CVE-2012-1823 ===================================================================== 1. Summary: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. (CVE-2012-1823) Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827) 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm i386: php-5.1.6-34.el5_8.i386.rpm php-bcmath-5.1.6-34.el5_8.i386.rpm php-cli-5.1.6-34.el5_8.i386.rpm php-common-5.1.6-34.el5_8.i386.rpm php-dba-5.1.6-34.el5_8.i386.rpm php-debuginfo-5.1.6-34.el5_8.i386.rpm php-devel-5.1.6-34.el5_8.i386.rpm php-gd-5.1.6-34.el5_8.i386.rpm php-imap-5.1.6-34.el5_8.i386.rpm php-ldap-5.1.6-34.el5_8.i386.rpm php-mbstring-5.1.6-34.el5_8.i386.rpm php-mysql-5.1.6-34.el5_8.i386.rpm php-ncurses-5.1.6-34.el5_8.i386.rpm php-odbc-5.1.6-34.el5_8.i386.rpm php-pdo-5.1.6-34.el5_8.i386.rpm php-pgsql-5.1.6-34.el5_8.i386.rpm php-snmp-5.1.6-34.el5_8.i386.rpm php-soap-5.1.6-34.el5_8.i386.rpm php-xml-5.1.6-34.el5_8.i386.rpm php-xmlrpc-5.1.6-34.el5_8.i386.rpm x86_64: php-5.1.6-34.el5_8.x86_64.rpm php-bcmath-5.1.6-34.el5_8.x86_64.rpm php-cli-5.1.6-34.el5_8.x86_64.rpm php-common-5.1.6-34.el5_8.x86_64.rpm php-dba-5.1.6-34.el5_8.x86_64.rpm php-debuginfo-5.1.6-34.el5_8.x86_64.rpm php-devel-5.1.6-34.el5_8.x86_64.rpm php-gd-5.1.6-34.el5_8.x86_64.rpm php-imap-5.1.6-34.el5_8.x86_64.rpm php-ldap-5.1.6-34.el5_8.x86_64.rpm php-mbstring-5.1.6-34.el5_8.x86_64.rpm php-mysql-5.1.6-34.el5_8.x86_64.rpm php-ncurses-5.1.6-34.el5_8.x86_64.rpm php-odbc-5.1.6-34.el5_8.x86_64.rpm php-pdo-5.1.6-34.el5_8.x86_64.rpm php-pgsql-5.1.6-34.el5_8.x86_64.rpm php-snmp-5.1.6-34.el5_8.x86_64.rpm php-soap-5.1.6-34.el5_8.x86_64.rpm php-xml-5.1.6-34.el5_8.x86_64.rpm php-xmlrpc-5.1.6-34.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm i386: php-5.1.6-34.el5_8.i386.rpm php-bcmath-5.1.6-34.el5_8.i386.rpm php-cli-5.1.6-34.el5_8.i386.rpm php-common-5.1.6-34.el5_8.i386.rpm php-dba-5.1.6-34.el5_8.i386.rpm php-debuginfo-5.1.6-34.el5_8.i386.rpm php-devel-5.1.6-34.el5_8.i386.rpm php-gd-5.1.6-34.el5_8.i386.rpm php-imap-5.1.6-34.el5_8.i386.rpm php-ldap-5.1.6-34.el5_8.i386.rpm php-mbstring-5.1.6-34.el5_8.i386.rpm php-mysql-5.1.6-34.el5_8.i386.rpm php-ncurses-5.1.6-34.el5_8.i386.rpm php-odbc-5.1.6-34.el5_8.i386.rpm php-pdo-5.1.6-34.el5_8.i386.rpm php-pgsql-5.1.6-34.el5_8.i386.rpm php-snmp-5.1.6-34.el5_8.i386.rpm php-soap-5.1.6-34.el5_8.i386.rpm php-xml-5.1.6-34.el5_8.i386.rpm php-xmlrpc-5.1.6-34.el5_8.i386.rpm ia64: php-5.1.6-34.el5_8.ia64.rpm php-bcmath-5.1.6-34.el5_8.ia64.rpm php-cli-5.1.6-34.el5_8.ia64.rpm php-common-5.1.6-34.el5_8.ia64.rpm php-dba-5.1.6-34.el5_8.ia64.rpm php-debuginfo-5.1.6-34.el5_8.ia64.rpm php-devel-5.1.6-34.el5_8.ia64.rpm php-gd-5.1.6-34.el5_8.ia64.rpm php-imap-5.1.6-34.el5_8.ia64.rpm php-ldap-5.1.6-34.el5_8.ia64.rpm php-mbstring-5.1.6-34.el5_8.ia64.rpm php-mysql-5.1.6-34.el5_8.ia64.rpm php-ncurses-5.1.6-34.el5_8.ia64.rpm php-odbc-5.1.6-34.el5_8.ia64.rpm php-pdo-5.1.6-34.el5_8.ia64.rpm php-pgsql-5.1.6-34.el5_8.ia64.rpm php-snmp-5.1.6-34.el5_8.ia64.rpm php-soap-5.1.6-34.el5_8.ia64.rpm php-xml-5.1.6-34.el5_8.ia64.rpm php-xmlrpc-5.1.6-34.el5_8.ia64.rpm ppc: php-5.1.6-34.el5_8.ppc.rpm php-bcmath-5.1.6-34.el5_8.ppc.rpm php-cli-5.1.6-34.el5_8.ppc.rpm php-common-5.1.6-34.el5_8.ppc.rpm php-dba-5.1.6-34.el5_8.ppc.rpm php-debuginfo-5.1.6-34.el5_8.ppc.rpm php-devel-5.1.6-34.el5_8.ppc.rpm php-gd-5.1.6-34.el5_8.ppc.rpm php-imap-5.1.6-34.el5_8.ppc.rpm php-ldap-5.1.6-34.el5_8.ppc.rpm php-mbstring-5.1.6-34.el5_8.ppc.rpm php-mysql-5.1.6-34.el5_8.ppc.rpm php-ncurses-5.1.6-34.el5_8.ppc.rpm php-odbc-5.1.6-34.el5_8.ppc.rpm php-pdo-5.1.6-34.el5_8.ppc.rpm php-pgsql-5.1.6-34.el5_8.ppc.rpm php-snmp-5.1.6-34.el5_8.ppc.rpm php-soap-5.1.6-34.el5_8.ppc.rpm php-xml-5.1.6-34.el5_8.ppc.rpm php-xmlrpc-5.1.6-34.el5_8.ppc.rpm s390x: php-5.1.6-34.el5_8.s390x.rpm php-bcmath-5.1.6-34.el5_8.s390x.rpm php-cli-5.1.6-34.el5_8.s390x.rpm php-common-5.1.6-34.el5_8.s390x.rpm php-dba-5.1.6-34.el5_8.s390x.rpm php-debuginfo-5.1.6-34.el5_8.s390x.rpm php-devel-5.1.6-34.el5_8.s390x.rpm php-gd-5.1.6-34.el5_8.s390x.rpm php-imap-5.1.6-34.el5_8.s390x.rpm php-ldap-5.1.6-34.el5_8.s390x.rpm php-mbstring-5.1.6-34.el5_8.s390x.rpm php-mysql-5.1.6-34.el5_8.s390x.rpm php-ncurses-5.1.6-34.el5_8.s390x.rpm php-odbc-5.1.6-34.el5_8.s390x.rpm php-pdo-5.1.6-34.el5_8.s390x.rpm php-pgsql-5.1.6-34.el5_8.s390x.rpm php-snmp-5.1.6-34.el5_8.s390x.rpm php-soap-5.1.6-34.el5_8.s390x.rpm php-xml-5.1.6-34.el5_8.s390x.rpm php-xmlrpc-5.1.6-34.el5_8.s390x.rpm x86_64: php-5.1.6-34.el5_8.x86_64.rpm php-bcmath-5.1.6-34.el5_8.x86_64.rpm php-cli-5.1.6-34.el5_8.x86_64.rpm php-common-5.1.6-34.el5_8.x86_64.rpm php-dba-5.1.6-34.el5_8.x86_64.rpm php-debuginfo-5.1.6-34.el5_8.x86_64.rpm php-devel-5.1.6-34.el5_8.x86_64.rpm php-gd-5.1.6-34.el5_8.x86_64.rpm php-imap-5.1.6-34.el5_8.x86_64.rpm php-ldap-5.1.6-34.el5_8.x86_64.rpm php-mbstring-5.1.6-34.el5_8.x86_64.rpm php-mysql-5.1.6-34.el5_8.x86_64.rpm php-ncurses-5.1.6-34.el5_8.x86_64.rpm php-odbc-5.1.6-34.el5_8.x86_64.rpm php-pdo-5.1.6-34.el5_8.x86_64.rpm php-pgsql-5.1.6-34.el5_8.x86_64.rpm php-snmp-5.1.6-34.el5_8.x86_64.rpm php-soap-5.1.6-34.el5_8.x86_64.rpm php-xml-5.1.6-34.el5_8.x86_64.rpm php-xmlrpc-5.1.6-34.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm x86_64: php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm ppc64: php-5.3.3-3.el6_2.8.ppc64.rpm php-cli-5.3.3-3.el6_2.8.ppc64.rpm php-common-5.3.3-3.el6_2.8.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.8.ppc64.rpm php-gd-5.3.3-3.el6_2.8.ppc64.rpm php-ldap-5.3.3-3.el6_2.8.ppc64.rpm php-mysql-5.3.3-3.el6_2.8.ppc64.rpm php-odbc-5.3.3-3.el6_2.8.ppc64.rpm php-pdo-5.3.3-3.el6_2.8.ppc64.rpm php-pgsql-5.3.3-3.el6_2.8.ppc64.rpm php-soap-5.3.3-3.el6_2.8.ppc64.rpm php-xml-5.3.3-3.el6_2.8.ppc64.rpm php-xmlrpc-5.3.3-3.el6_2.8.ppc64.rpm s390x: php-5.3.3-3.el6_2.8.s390x.rpm php-cli-5.3.3-3.el6_2.8.s390x.rpm php-common-5.3.3-3.el6_2.8.s390x.rpm php-debuginfo-5.3.3-3.el6_2.8.s390x.rpm php-gd-5.3.3-3.el6_2.8.s390x.rpm php-ldap-5.3.3-3.el6_2.8.s390x.rpm php-mysql-5.3.3-3.el6_2.8.s390x.rpm php-odbc-5.3.3-3.el6_2.8.s390x.rpm php-pdo-5.3.3-3.el6_2.8.s390x.rpm php-pgsql-5.3.3-3.el6_2.8.s390x.rpm php-soap-5.3.3-3.el6_2.8.s390x.rpm php-xml-5.3.3-3.el6_2.8.s390x.rpm php-xmlrpc-5.3.3-3.el6_2.8.s390x.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_2.8.ppc64.rpm php-dba-5.3.3-3.el6_2.8.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.8.ppc64.rpm php-devel-5.3.3-3.el6_2.8.ppc64.rpm php-embedded-5.3.3-3.el6_2.8.ppc64.rpm php-enchant-5.3.3-3.el6_2.8.ppc64.rpm php-imap-5.3.3-3.el6_2.8.ppc64.rpm php-intl-5.3.3-3.el6_2.8.ppc64.rpm php-mbstring-5.3.3-3.el6_2.8.ppc64.rpm php-process-5.3.3-3.el6_2.8.ppc64.rpm php-pspell-5.3.3-3.el6_2.8.ppc64.rpm php-recode-5.3.3-3.el6_2.8.ppc64.rpm php-snmp-5.3.3-3.el6_2.8.ppc64.rpm php-tidy-5.3.3-3.el6_2.8.ppc64.rpm php-zts-5.3.3-3.el6_2.8.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_2.8.s390x.rpm php-dba-5.3.3-3.el6_2.8.s390x.rpm php-debuginfo-5.3.3-3.el6_2.8.s390x.rpm php-devel-5.3.3-3.el6_2.8.s390x.rpm php-embedded-5.3.3-3.el6_2.8.s390x.rpm php-enchant-5.3.3-3.el6_2.8.s390x.rpm php-imap-5.3.3-3.el6_2.8.s390x.rpm php-intl-5.3.3-3.el6_2.8.s390x.rpm php-mbstring-5.3.3-3.el6_2.8.s390x.rpm php-process-5.3.3-3.el6_2.8.s390x.rpm php-pspell-5.3.3-3.el6_2.8.s390x.rpm php-recode-5.3.3-3.el6_2.8.s390x.rpm php-snmp-5.3.3-3.el6_2.8.s390x.rpm php-tidy-5.3.3-3.el6_2.8.s390x.rpm php-zts-5.3.3-3.el6_2.8.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm x86_64: php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1823.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPqBidXlSAg2UNWIIRAtuSAJwIgGRkPkW5/AUENoUr0jScjBiojQCeLkVK WUs1dQ+935LKCja022LRegM= =dMtA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Debian update for php5 SECUNIA ADVISORY ID: SA49053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49053 RELEASE DATE: 2012-05-10 DISCUSS ADVISORY: http://secunia.com/advisories/49053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. For more information see vulnerability #1 in: SA49014 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2465-1: http://www.debian.org/security/2012/dsa-2465 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012 php5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1 Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7 Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8 Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24 In general, a standard system update will make all the necessary changes

Trust: 2.52

sources: NVD: CVE-2012-1823 // CERT/CC: VU#673343 // BID: 53388 // VULMON: CVE-2012-1823 // PACKETSTORM: 112598 // PACKETSTORM: 112580 // PACKETSTORM: 112507 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112474

AFFECTED PRODUCTS

vendor:redhatmodel:storagescope:eqversion:2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:40

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:b.11.23

Trust: 1.0

vendor:redhatmodel:gluster storage server for on-premisescope:eqversion:2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:39

Trust: 1.0

vendor:redhatmodel:application stackscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:5.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.4.2

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.3.12

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:5.3

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:5.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:10

Trust: 1.0

vendor:redhatmodel:storage for public cloudscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.8.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:5.6

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:b.11.31

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.2

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:11

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.1

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:5.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.6.8

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 0.9

vendor:parallels holdingsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmodel:phpscope:eqversion:5.2.16

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.15

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.8

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.13

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.17

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.14

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.11

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.12

Trust: 0.6

vendor:parallelsmodel:plesk panelscope:eqversion:9.5.4

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.1.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux long life serverscope:eqversion:5.3

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.3

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:ctpview 7.0r1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2bscope:neversion: -

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux eus 5.6.z serverscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2ascope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.5

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:110

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0x64

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:clientscope:eqversion:2008

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:8.6

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:lotus foundations startscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:phpmodel:phpscope:neversion:5.3.13

Trust: 0.3

sources: CERT/CC: VU#673343 // BID: 53388 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1823
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2012-1823
value: CRITICAL

Trust: 1.0

NVD: CVE-2012-1823
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-108
value: HIGH

Trust: 0.6

VULMON: CVE-2012-1823
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-1823
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2012-1823
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2012-1823
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CERT/CC: VU#673343 // VULMON: CVE-2012-1823 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823 // NVD: CVE-2012-1823

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2012-1823

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 112507 // PACKETSTORM: 112508 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201205-108

EXPLOIT AVAILABILITY

sources:
            
            
            CERT/CC: VU#673343 // 
            
            
            
            VULMON: CVE-2012-1823

PATCH
title:PHP 5.4.3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43186
Trust: 0.6
title:PHP 5.4.3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43185
Trust: 0.6
title:Red Hat: Critical: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120569 - Security Advisory
Trust: 0.1
title:Red Hat: Critical: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120568 - Security Advisory
Trust: 0.1
title:Red Hat: Critical: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120546 - Security Advisory
Trust: 0.1
title:Red Hat: Critical: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120547 - Security Advisory
Trust: 0.1
title:Debian CVElist Bug Report Logs: php5: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=369fec60ba7ae134a5d768faf3cb2f6b
Trust: 0.1
title:Ubuntu Security Notice: php5 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1437-1
Trust: 0.1
title:Amazon Linux AMI: ALAS-2012-077url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-077
Trust: 0.1
title:Debian Security Advisories: DSA-2465-1 php5 -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=db88513c75df4c41339c6c90dcb69831
Trust: 0.1
title:Red Hat: Moderate: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121045 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121047 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121046 - Security Advisory
Trust: 0.1
title:HacktivityCon_CTF_2020url:https://github.com/W3rni0/HacktivityCon_CTF_2020 
Trust: 0.1
title:exploitsurl:https://github.com/infodox/exploits 
Trust: 0.1
title:webappurlsurl:https://github.com/pwnwiki/webappurls 
Trust: 0.1
title:CVE-2012-1823url:https://github.com/drone789/CVE-2012-1823 
Trust: 0.1
title:Covid-v2-Botneturl:https://github.com/SniperX-D/Covid-v2-Botnet 
Trust: 0.1
title:covidurl:https://github.com/MrScytheLULZ/covid 
Trust: 0.1
title:python-pySecurityurl:https://github.com/CyberSavvy/python-pySecurity 
Trust: 0.1
title:pySecurityurl:https://github.com/smartFlash/pySecurity 
Trust: 0.1
title:AutoSploiturl:https://github.com/RootUp/AutoSploit 
Trust: 0.1
title:Pythonurl:https://github.com/BCyberSavvy/Python 
Trust: 0.1
title:awesome-infosecurl:https://github.com/onlurking/awesome-infosec 
Trust: 0.1
title:awesome-infosecurl:https://github.com/eric-erki/awesome-infosec 
Trust: 0.1
title:Intrusion_Detection_System-Pythonurl:https://github.com/marcocastro100/Intrusion_Detection_System-Python 
Trust: 0.1
title:deepdigurl:https://github.com/cyberdeception/deepdig 
Trust: 0.1
title:Boot2root-CTFs-Writeupsurl:https://github.com/Jean-Francois-C/Boot2root-CTFs 
Trust: 0.1
title:Boot2root-CTFs-Writeupsurl:https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups 
Trust: 0.1
title:CDLurl:https://github.com/NCSU-DANCE-Research-Group/CDL 
Trust: 0.1
title:Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applicationsurl:https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications 
Trust: 0.1
title:Threatposturl:https://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881/
Trust: 0.1
title:Securelisturl:https://securelist.com/it-threat-evolution-q2-2013/37163/
Trust: 0.1
title:Threatposturl:https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/76537/
Trust: 0.1
title:Threatposturl:https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2012-1823 // 
            
            
            
            CNNVD: CNNVD-201205-108

EXTERNAL IDS
db:NVDid:CVE-2012-1823
Trust: 3.3
db:CERT/CCid:VU#673343
Trust: 2.2
db:CERT/CCid:VU#520827
Trust: 2.0
db:SECUNIAid:49014
Trust: 1.7
db:SECUNIAid:49065
Trust: 1.7
db:SECUNIAid:49085
Trust: 1.7
db:SECUNIAid:49087
Trust: 1.7
db:SECTRACKid:1027022
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2024/06/07/1
Trust: 1.0
db:SECUNIAid:49053
Trust: 0.7
db:SECUNIAid:49097
Trust: 0.6
db:CNNVDid:CNNVD-201205-108
Trust: 0.6
db:JUNIPERid:JSA10658
Trust: 0.3
db:BIDid:53388
Trust: 0.3
db:EXPLOIT-DBid:18836
Trust: 0.1
db:VULMONid:CVE-2012-1823
Trust: 0.1
db:PACKETSTORMid:112598
Trust: 0.1
db:PACKETSTORMid:112580
Trust: 0.1
db:PACKETSTORMid:112507
Trust: 0.1
db:PACKETSTORMid:112612
Trust: 0.1
db:PACKETSTORMid:112508
Trust: 0.1
db:PACKETSTORMid:112474
Trust: 0.1
sources:
            
            
            CERT/CC: VU#673343 // 
            
            
            
            VULMON: CVE-2012-1823 // 
            
            
            
            BID: 53388 // 
            
            
            
            PACKETSTORM: 112598 // 
            
            
            
            PACKETSTORM: 112580 // 
            
            
            
            PACKETSTORM: 112507 // 
            
            
            
            PACKETSTORM: 112612 // 
            
            
            
            PACKETSTORM: 112508 // 
            
            
            
            PACKETSTORM: 112474 // 
            
            
            
            CNNVD: CNNVD-201205-108 // 
            
            
            
            NVD: CVE-2012-1823

REFERENCES
url:http://www.php.net/archive/2012.php#id2012-05-03-1
Trust: 2.8
url:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Trust: 2.0
url:http://www.kb.cert.org/vuls/id/520827
Trust: 2.0
url:https://bugs.php.net/bug.php?id=61910
Trust: 1.7
url:http://www.php.net/changelog-5.php#5.4.2
Trust: 1.7
url:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
Trust: 1.7
url:http://secunia.com/advisories/49014
Trust: 1.7
url:http://secunia.com/advisories/49087
Trust: 1.7
url:http://secunia.com/advisories/49065
Trust: 1.7
url:http://secunia.com/advisories/49085
Trust: 1.7
url:http://www.kb.cert.org/vuls/id/673343
Trust: 1.5
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041
Trust: 1.4
url:http://rhn.redhat.com/errata/rhsa-2012-0547.html
Trust: 1.2
url:http://rhn.redhat.com/errata/rhsa-2012-0546.html
Trust: 1.2
url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068
Trust: 1.2
url:http://www.debian.org/security/2012/dsa-2465
Trust: 1.2
url:http://kb.parallels.com/en/113818
Trust: 1.1
url:http://seclists.org/fulldisclosure/2013/jun/21
Trust: 1.1
url:http://rhn.redhat.com/errata/rhsa-2012-0568.html
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=134012830914727&w=2
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html
Trust: 1.1
url:http://support.apple.com/kb/ht5501
Trust: 1.1
url:http://www.securitytracker.com/id?1027022
Trust: 1.1
url:http://rhn.redhat.com/errata/rhsa-2012-0570.html
Trust: 1.1
url:http://rhn.redhat.com/errata/rhsa-2012-0569.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w45dboh56nqdrtom2dn2lna2fzimc3pk/
Trust: 1.0
url:http://www.openwall.com/lists/oss-security/2024/06/07/1
Trust: 1.0
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pkgtquoa2ntz3rxn22csaujpiruyrb4b/
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823
Trust: 0.9
url:http://kb.parallels.com/116241
Trust: 0.8
url:http://www.parallels.com/products/plesk/lifecycle
Trust: 0.8
url:http://blogs.cisco.com/security/plesk-0-day-targets-web-servers/
Trust: 0.8
url:http://kb.parallels.com/en/113814
Trust: 0.8
url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862
Trust: 0.6
url:http://secunia.com/advisories/49053
Trust: 0.6
url:http://secunia.com/advisories/49097
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2012-1823
Trust: 0.5
url:http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0
Trust: 0.3
url:http://www-01.ibm.com/software/lotus/products/foundations/start/
Trust: 0.3
url:kb.parallels.com/en/116241
Trust: 0.3
url:https://community.rapid7.com/thread/5174
Trust: 0.3
url:http://www.php.net/
Trust: 0.3
url:http://ompldr.org/vzgxxaq
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list
Trust: 0.3
url:https://downloads.avaya.com/css/p8/documents/100162699
Trust: 0.3
url:https://downloads.avaya.com/css/p8/documents/100165255
Trust: 0.3
url:http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21620314
Trust: 0.3
url:http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt
Trust: 0.3
url:http://secunia.com/
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-1172
Trust: 0.2
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-2311
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-1823.html
Trust: 0.2
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.2
url:https://access.redhat.com/security/team/contact/
Trust: 0.2
url:https://access.redhat.com/security/team/key/#package
Trust: 0.2
url:https://access.redhat.com/security/updates/classification/#critical
Trust: 0.2
url:http://bugzilla.redhat.com/):
Trust: 0.2
url:https://access.redhat.com/knowledge/articles/11258
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2012:0569
Trust: 0.1
url:https://github.com/infodox/exploits
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/18836/
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4566
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0831
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-1148
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4885
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3182
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0788
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1938
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0830
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2483
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-4885
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0831
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdva-2012:004
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2202
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:166
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2336
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-2335
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0788
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0807
Trust: 0.1
url:http://www.mandriva.com/security/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0830
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3379
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1148
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-1938
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3267
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3268
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-4566
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:165
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:065
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3182
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3268
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2202
Trust: 0.1
url:http://www.mandriva.com/security/advisories
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2483
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-1657
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-2336
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0807
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1172
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3379
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3267
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1657
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068-1
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:197
Trust: 0.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:180
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2335
Trust: 0.1
url:http://www.debian.org/security/faq
Trust: 0.1
url:http://www.debian.org/security/
Trust: 0.1
url:http://secunia.com/psi_30_beta_launch
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/49053/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49053
Trust: 0.1
url:http://secunia.com/advisories/49053/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8
Trust: 0.1
url:http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7
Trust: 0.1
url:http://www.ubuntu.com/usn/usn-1437-1
Trust: 0.1
sources:
            
            
            CERT/CC: VU#673343 // 
            
            
            
            VULMON: CVE-2012-1823 // 
            
            
            
            BID: 53388 // 
            
            
            
            PACKETSTORM: 112598 // 
            
            
            
            PACKETSTORM: 112580 // 
            
            
            
            PACKETSTORM: 112507 // 
            
            
            
            PACKETSTORM: 112612 // 
            
            
            
            PACKETSTORM: 112508 // 
            
            
            
            PACKETSTORM: 112474 // 
            
            
            
            CNNVD: CNNVD-201205-108 // 
            
            
            
            NVD: CVE-2012-1823

CREDITS
De Eindbazen
Trust: 0.3
sources:
            
            
            BID: 53388

SOURCES
db:CERT/CCid:VU#673343
db:VULMONid:CVE-2012-1823
db:BIDid:53388
db:PACKETSTORMid:112598
db:PACKETSTORMid:112580
db:PACKETSTORMid:112507
db:PACKETSTORMid:112612
db:PACKETSTORMid:112508
db:PACKETSTORMid:112474
db:CNNVDid:CNNVD-201205-108
db:NVDid:CVE-2012-1823

LAST UPDATE DATE
2025-04-25T20:10:57.786000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#673343date:2013-06-07T00:00:00
db:VULMONid:CVE-2012-1823date:2018-01-18T00:00:00
db:BIDid:53388date:2015-04-13T22:15:00
db:CNNVDid:CNNVD-201205-108date:2012-05-08T00:00:00
db:NVDid:CVE-2012-1823date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#673343date:2013-06-07T00:00:00
db:VULMONid:CVE-2012-1823date:2012-05-11T00:00:00
db:BIDid:53388date:2012-05-04T00:00:00
db:PACKETSTORMid:112598date:2012-05-10T15:28:01
db:PACKETSTORMid:112580date:2012-05-10T03:59:25
db:PACKETSTORMid:112507date:2012-05-07T20:04:24
db:PACKETSTORMid:112612date:2012-05-10T06:23:20
db:PACKETSTORMid:112508date:2012-05-07T20:04:50
db:PACKETSTORMid:112474date:2012-05-06T01:28:45
db:CNNVDid:CNNVD-201205-108date:2012-05-08T00:00:00
db:NVDid:CVE-2012-1823date:2012-05-11T10:15:48.043