ID

VAR-201205-0305


CVE

CVE-2012-1823


TITLE

Parallels Plesk Panel phppath/php vulnerability

Trust: 0.8

sources: CERT/CC: VU#673343

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9. The testing distribution (wheezy) will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1. We recommend that you upgrade your php5 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2012:0546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0546.html Issue date: 2012-05-07 CVE Names: CVE-2012-1823 ===================================================================== 1. Summary: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. (CVE-2012-1823) Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827) 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm i386: php-5.1.6-34.el5_8.i386.rpm php-bcmath-5.1.6-34.el5_8.i386.rpm php-cli-5.1.6-34.el5_8.i386.rpm php-common-5.1.6-34.el5_8.i386.rpm php-dba-5.1.6-34.el5_8.i386.rpm php-debuginfo-5.1.6-34.el5_8.i386.rpm php-devel-5.1.6-34.el5_8.i386.rpm php-gd-5.1.6-34.el5_8.i386.rpm php-imap-5.1.6-34.el5_8.i386.rpm php-ldap-5.1.6-34.el5_8.i386.rpm php-mbstring-5.1.6-34.el5_8.i386.rpm php-mysql-5.1.6-34.el5_8.i386.rpm php-ncurses-5.1.6-34.el5_8.i386.rpm php-odbc-5.1.6-34.el5_8.i386.rpm php-pdo-5.1.6-34.el5_8.i386.rpm php-pgsql-5.1.6-34.el5_8.i386.rpm php-snmp-5.1.6-34.el5_8.i386.rpm php-soap-5.1.6-34.el5_8.i386.rpm php-xml-5.1.6-34.el5_8.i386.rpm php-xmlrpc-5.1.6-34.el5_8.i386.rpm x86_64: php-5.1.6-34.el5_8.x86_64.rpm php-bcmath-5.1.6-34.el5_8.x86_64.rpm php-cli-5.1.6-34.el5_8.x86_64.rpm php-common-5.1.6-34.el5_8.x86_64.rpm php-dba-5.1.6-34.el5_8.x86_64.rpm php-debuginfo-5.1.6-34.el5_8.x86_64.rpm php-devel-5.1.6-34.el5_8.x86_64.rpm php-gd-5.1.6-34.el5_8.x86_64.rpm php-imap-5.1.6-34.el5_8.x86_64.rpm php-ldap-5.1.6-34.el5_8.x86_64.rpm php-mbstring-5.1.6-34.el5_8.x86_64.rpm php-mysql-5.1.6-34.el5_8.x86_64.rpm php-ncurses-5.1.6-34.el5_8.x86_64.rpm php-odbc-5.1.6-34.el5_8.x86_64.rpm php-pdo-5.1.6-34.el5_8.x86_64.rpm php-pgsql-5.1.6-34.el5_8.x86_64.rpm php-snmp-5.1.6-34.el5_8.x86_64.rpm php-soap-5.1.6-34.el5_8.x86_64.rpm php-xml-5.1.6-34.el5_8.x86_64.rpm php-xmlrpc-5.1.6-34.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm i386: php-5.1.6-34.el5_8.i386.rpm php-bcmath-5.1.6-34.el5_8.i386.rpm php-cli-5.1.6-34.el5_8.i386.rpm php-common-5.1.6-34.el5_8.i386.rpm php-dba-5.1.6-34.el5_8.i386.rpm php-debuginfo-5.1.6-34.el5_8.i386.rpm php-devel-5.1.6-34.el5_8.i386.rpm php-gd-5.1.6-34.el5_8.i386.rpm php-imap-5.1.6-34.el5_8.i386.rpm php-ldap-5.1.6-34.el5_8.i386.rpm php-mbstring-5.1.6-34.el5_8.i386.rpm php-mysql-5.1.6-34.el5_8.i386.rpm php-ncurses-5.1.6-34.el5_8.i386.rpm php-odbc-5.1.6-34.el5_8.i386.rpm php-pdo-5.1.6-34.el5_8.i386.rpm php-pgsql-5.1.6-34.el5_8.i386.rpm php-snmp-5.1.6-34.el5_8.i386.rpm php-soap-5.1.6-34.el5_8.i386.rpm php-xml-5.1.6-34.el5_8.i386.rpm php-xmlrpc-5.1.6-34.el5_8.i386.rpm ia64: php-5.1.6-34.el5_8.ia64.rpm php-bcmath-5.1.6-34.el5_8.ia64.rpm php-cli-5.1.6-34.el5_8.ia64.rpm php-common-5.1.6-34.el5_8.ia64.rpm php-dba-5.1.6-34.el5_8.ia64.rpm php-debuginfo-5.1.6-34.el5_8.ia64.rpm php-devel-5.1.6-34.el5_8.ia64.rpm php-gd-5.1.6-34.el5_8.ia64.rpm php-imap-5.1.6-34.el5_8.ia64.rpm php-ldap-5.1.6-34.el5_8.ia64.rpm php-mbstring-5.1.6-34.el5_8.ia64.rpm php-mysql-5.1.6-34.el5_8.ia64.rpm php-ncurses-5.1.6-34.el5_8.ia64.rpm php-odbc-5.1.6-34.el5_8.ia64.rpm php-pdo-5.1.6-34.el5_8.ia64.rpm php-pgsql-5.1.6-34.el5_8.ia64.rpm php-snmp-5.1.6-34.el5_8.ia64.rpm php-soap-5.1.6-34.el5_8.ia64.rpm php-xml-5.1.6-34.el5_8.ia64.rpm php-xmlrpc-5.1.6-34.el5_8.ia64.rpm ppc: php-5.1.6-34.el5_8.ppc.rpm php-bcmath-5.1.6-34.el5_8.ppc.rpm php-cli-5.1.6-34.el5_8.ppc.rpm php-common-5.1.6-34.el5_8.ppc.rpm php-dba-5.1.6-34.el5_8.ppc.rpm php-debuginfo-5.1.6-34.el5_8.ppc.rpm php-devel-5.1.6-34.el5_8.ppc.rpm php-gd-5.1.6-34.el5_8.ppc.rpm php-imap-5.1.6-34.el5_8.ppc.rpm php-ldap-5.1.6-34.el5_8.ppc.rpm php-mbstring-5.1.6-34.el5_8.ppc.rpm php-mysql-5.1.6-34.el5_8.ppc.rpm php-ncurses-5.1.6-34.el5_8.ppc.rpm php-odbc-5.1.6-34.el5_8.ppc.rpm php-pdo-5.1.6-34.el5_8.ppc.rpm php-pgsql-5.1.6-34.el5_8.ppc.rpm php-snmp-5.1.6-34.el5_8.ppc.rpm php-soap-5.1.6-34.el5_8.ppc.rpm php-xml-5.1.6-34.el5_8.ppc.rpm php-xmlrpc-5.1.6-34.el5_8.ppc.rpm s390x: php-5.1.6-34.el5_8.s390x.rpm php-bcmath-5.1.6-34.el5_8.s390x.rpm php-cli-5.1.6-34.el5_8.s390x.rpm php-common-5.1.6-34.el5_8.s390x.rpm php-dba-5.1.6-34.el5_8.s390x.rpm php-debuginfo-5.1.6-34.el5_8.s390x.rpm php-devel-5.1.6-34.el5_8.s390x.rpm php-gd-5.1.6-34.el5_8.s390x.rpm php-imap-5.1.6-34.el5_8.s390x.rpm php-ldap-5.1.6-34.el5_8.s390x.rpm php-mbstring-5.1.6-34.el5_8.s390x.rpm php-mysql-5.1.6-34.el5_8.s390x.rpm php-ncurses-5.1.6-34.el5_8.s390x.rpm php-odbc-5.1.6-34.el5_8.s390x.rpm php-pdo-5.1.6-34.el5_8.s390x.rpm php-pgsql-5.1.6-34.el5_8.s390x.rpm php-snmp-5.1.6-34.el5_8.s390x.rpm php-soap-5.1.6-34.el5_8.s390x.rpm php-xml-5.1.6-34.el5_8.s390x.rpm php-xmlrpc-5.1.6-34.el5_8.s390x.rpm x86_64: php-5.1.6-34.el5_8.x86_64.rpm php-bcmath-5.1.6-34.el5_8.x86_64.rpm php-cli-5.1.6-34.el5_8.x86_64.rpm php-common-5.1.6-34.el5_8.x86_64.rpm php-dba-5.1.6-34.el5_8.x86_64.rpm php-debuginfo-5.1.6-34.el5_8.x86_64.rpm php-devel-5.1.6-34.el5_8.x86_64.rpm php-gd-5.1.6-34.el5_8.x86_64.rpm php-imap-5.1.6-34.el5_8.x86_64.rpm php-ldap-5.1.6-34.el5_8.x86_64.rpm php-mbstring-5.1.6-34.el5_8.x86_64.rpm php-mysql-5.1.6-34.el5_8.x86_64.rpm php-ncurses-5.1.6-34.el5_8.x86_64.rpm php-odbc-5.1.6-34.el5_8.x86_64.rpm php-pdo-5.1.6-34.el5_8.x86_64.rpm php-pgsql-5.1.6-34.el5_8.x86_64.rpm php-snmp-5.1.6-34.el5_8.x86_64.rpm php-soap-5.1.6-34.el5_8.x86_64.rpm php-xml-5.1.6-34.el5_8.x86_64.rpm php-xmlrpc-5.1.6-34.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm x86_64: php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm ppc64: php-5.3.3-3.el6_2.8.ppc64.rpm php-cli-5.3.3-3.el6_2.8.ppc64.rpm php-common-5.3.3-3.el6_2.8.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.8.ppc64.rpm php-gd-5.3.3-3.el6_2.8.ppc64.rpm php-ldap-5.3.3-3.el6_2.8.ppc64.rpm php-mysql-5.3.3-3.el6_2.8.ppc64.rpm php-odbc-5.3.3-3.el6_2.8.ppc64.rpm php-pdo-5.3.3-3.el6_2.8.ppc64.rpm php-pgsql-5.3.3-3.el6_2.8.ppc64.rpm php-soap-5.3.3-3.el6_2.8.ppc64.rpm php-xml-5.3.3-3.el6_2.8.ppc64.rpm php-xmlrpc-5.3.3-3.el6_2.8.ppc64.rpm s390x: php-5.3.3-3.el6_2.8.s390x.rpm php-cli-5.3.3-3.el6_2.8.s390x.rpm php-common-5.3.3-3.el6_2.8.s390x.rpm php-debuginfo-5.3.3-3.el6_2.8.s390x.rpm php-gd-5.3.3-3.el6_2.8.s390x.rpm php-ldap-5.3.3-3.el6_2.8.s390x.rpm php-mysql-5.3.3-3.el6_2.8.s390x.rpm php-odbc-5.3.3-3.el6_2.8.s390x.rpm php-pdo-5.3.3-3.el6_2.8.s390x.rpm php-pgsql-5.3.3-3.el6_2.8.s390x.rpm php-soap-5.3.3-3.el6_2.8.s390x.rpm php-xml-5.3.3-3.el6_2.8.s390x.rpm php-xmlrpc-5.3.3-3.el6_2.8.s390x.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_2.8.ppc64.rpm php-dba-5.3.3-3.el6_2.8.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.8.ppc64.rpm php-devel-5.3.3-3.el6_2.8.ppc64.rpm php-embedded-5.3.3-3.el6_2.8.ppc64.rpm php-enchant-5.3.3-3.el6_2.8.ppc64.rpm php-imap-5.3.3-3.el6_2.8.ppc64.rpm php-intl-5.3.3-3.el6_2.8.ppc64.rpm php-mbstring-5.3.3-3.el6_2.8.ppc64.rpm php-process-5.3.3-3.el6_2.8.ppc64.rpm php-pspell-5.3.3-3.el6_2.8.ppc64.rpm php-recode-5.3.3-3.el6_2.8.ppc64.rpm php-snmp-5.3.3-3.el6_2.8.ppc64.rpm php-tidy-5.3.3-3.el6_2.8.ppc64.rpm php-zts-5.3.3-3.el6_2.8.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_2.8.s390x.rpm php-dba-5.3.3-3.el6_2.8.s390x.rpm php-debuginfo-5.3.3-3.el6_2.8.s390x.rpm php-devel-5.3.3-3.el6_2.8.s390x.rpm php-embedded-5.3.3-3.el6_2.8.s390x.rpm php-enchant-5.3.3-3.el6_2.8.s390x.rpm php-imap-5.3.3-3.el6_2.8.s390x.rpm php-intl-5.3.3-3.el6_2.8.s390x.rpm php-mbstring-5.3.3-3.el6_2.8.s390x.rpm php-process-5.3.3-3.el6_2.8.s390x.rpm php-pspell-5.3.3-3.el6_2.8.s390x.rpm php-recode-5.3.3-3.el6_2.8.s390x.rpm php-snmp-5.3.3-3.el6_2.8.s390x.rpm php-tidy-5.3.3-3.el6_2.8.s390x.rpm php-zts-5.3.3-3.el6_2.8.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-5.3.3-3.el6_2.8.i686.rpm php-cli-5.3.3-3.el6_2.8.i686.rpm php-common-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-gd-5.3.3-3.el6_2.8.i686.rpm php-ldap-5.3.3-3.el6_2.8.i686.rpm php-mysql-5.3.3-3.el6_2.8.i686.rpm php-odbc-5.3.3-3.el6_2.8.i686.rpm php-pdo-5.3.3-3.el6_2.8.i686.rpm php-pgsql-5.3.3-3.el6_2.8.i686.rpm php-soap-5.3.3-3.el6_2.8.i686.rpm php-xml-5.3.3-3.el6_2.8.i686.rpm php-xmlrpc-5.3.3-3.el6_2.8.i686.rpm x86_64: php-5.3.3-3.el6_2.8.x86_64.rpm php-cli-5.3.3-3.el6_2.8.x86_64.rpm php-common-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-gd-5.3.3-3.el6_2.8.x86_64.rpm php-ldap-5.3.3-3.el6_2.8.x86_64.rpm php-mysql-5.3.3-3.el6_2.8.x86_64.rpm php-odbc-5.3.3-3.el6_2.8.x86_64.rpm php-pdo-5.3.3-3.el6_2.8.x86_64.rpm php-pgsql-5.3.3-3.el6_2.8.x86_64.rpm php-soap-5.3.3-3.el6_2.8.x86_64.rpm php-xml-5.3.3-3.el6_2.8.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm i386: php-bcmath-5.3.3-3.el6_2.8.i686.rpm php-dba-5.3.3-3.el6_2.8.i686.rpm php-debuginfo-5.3.3-3.el6_2.8.i686.rpm php-devel-5.3.3-3.el6_2.8.i686.rpm php-embedded-5.3.3-3.el6_2.8.i686.rpm php-enchant-5.3.3-3.el6_2.8.i686.rpm php-imap-5.3.3-3.el6_2.8.i686.rpm php-intl-5.3.3-3.el6_2.8.i686.rpm php-mbstring-5.3.3-3.el6_2.8.i686.rpm php-process-5.3.3-3.el6_2.8.i686.rpm php-pspell-5.3.3-3.el6_2.8.i686.rpm php-recode-5.3.3-3.el6_2.8.i686.rpm php-snmp-5.3.3-3.el6_2.8.i686.rpm php-tidy-5.3.3-3.el6_2.8.i686.rpm php-zts-5.3.3-3.el6_2.8.i686.rpm x86_64: php-bcmath-5.3.3-3.el6_2.8.x86_64.rpm php-dba-5.3.3-3.el6_2.8.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.8.x86_64.rpm php-devel-5.3.3-3.el6_2.8.x86_64.rpm php-embedded-5.3.3-3.el6_2.8.x86_64.rpm php-enchant-5.3.3-3.el6_2.8.x86_64.rpm php-imap-5.3.3-3.el6_2.8.x86_64.rpm php-intl-5.3.3-3.el6_2.8.x86_64.rpm php-mbstring-5.3.3-3.el6_2.8.x86_64.rpm php-process-5.3.3-3.el6_2.8.x86_64.rpm php-pspell-5.3.3-3.el6_2.8.x86_64.rpm php-recode-5.3.3-3.el6_2.8.x86_64.rpm php-snmp-5.3.3-3.el6_2.8.x86_64.rpm php-tidy-5.3.3-3.el6_2.8.x86_64.rpm php-zts-5.3.3-3.el6_2.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1823.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPqBidXlSAg2UNWIIRAtuSAJwIgGRkPkW5/AUENoUr0jScjBiojQCeLkVK WUs1dQ+935LKCja022LRegM= =dMtA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Debian update for php5 SECUNIA ADVISORY ID: SA49053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49053 RELEASE DATE: 2012-05-10 DISCUSS ADVISORY: http://secunia.com/advisories/49053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system. For more information see vulnerability #1 in: SA49014 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2465-1: http://www.debian.org/security/2012/dsa-2465 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012 php5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1 Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7 Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8 Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24 In general, a standard system update will make all the necessary changes

Trust: 2.52

sources: NVD: CVE-2012-1823 // CERT/CC: VU#673343 // BID: 53388 // VULMON: CVE-2012-1823 // PACKETSTORM: 112598 // PACKETSTORM: 112580 // PACKETSTORM: 112507 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112474

AFFECTED PRODUCTS

vendor:redhatmodel:storagescope:eqversion:2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:40

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:b.11.23

Trust: 1.0

vendor:redhatmodel:gluster storage server for on-premisescope:eqversion:2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:39

Trust: 1.0

vendor:redhatmodel:application stackscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:5.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.4.2

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.3.12

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:5.3

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:5.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:10

Trust: 1.0

vendor:redhatmodel:storage for public cloudscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.8.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:5.6

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:b.11.31

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.2

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:11

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.1

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:5.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.6.8

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 0.9

vendor:parallels holdingsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmodel:phpscope:eqversion:5.2.16

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.15

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.8

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.13

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.17

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.14

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.11

Trust: 0.6

vendor:phpmodel:phpscope:eqversion:5.2.12

Trust: 0.6

vendor:parallelsmodel:plesk panelscope:eqversion:9.5.4

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.1.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux long life serverscope:eqversion:5.3

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.3

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:ctpview 7.0r1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2bscope:neversion: -

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux eus 5.6.z serverscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2ascope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.5

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:110

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0x64

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:clientscope:eqversion:2008

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:8.6

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:lotus foundations startscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.1

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:phpmodel:phpscope:neversion:5.3.13

Trust: 0.3

sources: CERT/CC: VU#673343 // BID: 53388 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1823
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2012-1823
value: CRITICAL

Trust: 1.0

NVD: CVE-2012-1823
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-108
value: HIGH

Trust: 0.6

VULMON: CVE-2012-1823
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-1823
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2012-1823
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2012-1823
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CERT/CC: VU#673343 // VULMON: CVE-2012-1823 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823 // NVD: CVE-2012-1823

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2012-1823

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 112507 // PACKETSTORM: 112508 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201205-108

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#673343 // VULMON: CVE-2012-1823

PATCH

title:PHP 5.4.3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43186

Trust: 0.6

title:PHP 5.4.3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43185

Trust: 0.6

title:Red Hat: Critical: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120569 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120568 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120546 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120547 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: php5: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=369fec60ba7ae134a5d768faf3cb2f6b

Trust: 0.1

title:Ubuntu Security Notice: php5 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1437-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-077url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-077

Trust: 0.1

title:Debian Security Advisories: DSA-2465-1 php5 -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=db88513c75df4c41339c6c90dcb69831

Trust: 0.1

title:Red Hat: Moderate: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121045 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: php53 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121047 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: php security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121046 - Security Advisory

Trust: 0.1

title:HacktivityCon_CTF_2020url:https://github.com/W3rni0/HacktivityCon_CTF_2020

Trust: 0.1

title:exploitsurl:https://github.com/infodox/exploits

Trust: 0.1

title:webappurlsurl:https://github.com/pwnwiki/webappurls

Trust: 0.1

title:CVE-2012-1823url:https://github.com/drone789/CVE-2012-1823

Trust: 0.1

title:Covid-v2-Botneturl:https://github.com/SniperX-D/Covid-v2-Botnet

Trust: 0.1

title:covidurl:https://github.com/MrScytheLULZ/covid

Trust: 0.1

title:python-pySecurityurl:https://github.com/CyberSavvy/python-pySecurity

Trust: 0.1

title:pySecurityurl:https://github.com/smartFlash/pySecurity

Trust: 0.1

title:AutoSploiturl:https://github.com/RootUp/AutoSploit

Trust: 0.1

title:Pythonurl:https://github.com/BCyberSavvy/Python

Trust: 0.1

title:awesome-infosecurl:https://github.com/onlurking/awesome-infosec

Trust: 0.1

title:awesome-infosecurl:https://github.com/eric-erki/awesome-infosec

Trust: 0.1

title:Intrusion_Detection_System-Pythonurl:https://github.com/marcocastro100/Intrusion_Detection_System-Python

Trust: 0.1

title:deepdigurl:https://github.com/cyberdeception/deepdig

Trust: 0.1

title:Boot2root-CTFs-Writeupsurl:https://github.com/Jean-Francois-C/Boot2root-CTFs

Trust: 0.1

title:Boot2root-CTFs-Writeupsurl:https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups

Trust: 0.1

title:CDLurl:https://github.com/NCSU-DANCE-Research-Group/CDL

Trust: 0.1

title:Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applicationsurl:https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications

Trust: 0.1

title:Threatposturl:https://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881/

Trust: 0.1

title:Securelisturl:https://securelist.com/it-threat-evolution-q2-2013/37163/

Trust: 0.1

title:Threatposturl:https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/76537/

Trust: 0.1

title:Threatposturl:https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/

Trust: 0.1

sources: VULMON: CVE-2012-1823 // CNNVD: CNNVD-201205-108

EXTERNAL IDS

db:NVDid:CVE-2012-1823

Trust: 3.3

db:CERT/CCid:VU#673343

Trust: 2.2

db:CERT/CCid:VU#520827

Trust: 2.0

db:SECUNIAid:49014

Trust: 1.7

db:SECUNIAid:49065

Trust: 1.7

db:SECUNIAid:49085

Trust: 1.7

db:SECUNIAid:49087

Trust: 1.7

db:SECTRACKid:1027022

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2024/06/07/1

Trust: 1.0

db:SECUNIAid:49053

Trust: 0.7

db:SECUNIAid:49097

Trust: 0.6

db:CNNVDid:CNNVD-201205-108

Trust: 0.6

db:JUNIPERid:JSA10658

Trust: 0.3

db:BIDid:53388

Trust: 0.3

db:EXPLOIT-DBid:18836

Trust: 0.1

db:VULMONid:CVE-2012-1823

Trust: 0.1

db:PACKETSTORMid:112598

Trust: 0.1

db:PACKETSTORMid:112580

Trust: 0.1

db:PACKETSTORMid:112507

Trust: 0.1

db:PACKETSTORMid:112612

Trust: 0.1

db:PACKETSTORMid:112508

Trust: 0.1

db:PACKETSTORMid:112474

Trust: 0.1

sources: CERT/CC: VU#673343 // VULMON: CVE-2012-1823 // BID: 53388 // PACKETSTORM: 112598 // PACKETSTORM: 112580 // PACKETSTORM: 112507 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

REFERENCES

url:http://www.php.net/archive/2012.php#id2012-05-03-1

Trust: 2.8

url:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Trust: 2.0

url:http://www.kb.cert.org/vuls/id/520827

Trust: 2.0

url:https://bugs.php.net/bug.php?id=61910

Trust: 1.7

url:http://www.php.net/changelog-5.php#5.4.2

Trust: 1.7

url:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1

Trust: 1.7

url:http://secunia.com/advisories/49014

Trust: 1.7

url:http://secunia.com/advisories/49087

Trust: 1.7

url:http://secunia.com/advisories/49065

Trust: 1.7

url:http://secunia.com/advisories/49085

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/673343

Trust: 1.5

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2012-0547.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2012-0546.html

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068

Trust: 1.2

url:http://www.debian.org/security/2012/dsa-2465

Trust: 1.2

url:http://kb.parallels.com/en/113818

Trust: 1.1

url:http://seclists.org/fulldisclosure/2013/jun/21

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2012-0568.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=134012830914727&w=2

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html

Trust: 1.1

url:http://support.apple.com/kb/ht5501

Trust: 1.1

url:http://www.securitytracker.com/id?1027022

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2012-0570.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2012-0569.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w45dboh56nqdrtom2dn2lna2fzimc3pk/

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2024/06/07/1

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pkgtquoa2ntz3rxn22csaujpiruyrb4b/

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823

Trust: 0.9

url:http://kb.parallels.com/116241

Trust: 0.8

url:http://www.parallels.com/products/plesk/lifecycle

Trust: 0.8

url:http://blogs.cisco.com/security/plesk-0-day-targets-web-servers/

Trust: 0.8

url:http://kb.parallels.com/en/113814

Trust: 0.8

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862

Trust: 0.6

url:http://secunia.com/advisories/49053

Trust: 0.6

url:http://secunia.com/advisories/49097

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-1823

Trust: 0.5

url:http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0

Trust: 0.3

url:http://www-01.ibm.com/software/lotus/products/foundations/start/

Trust: 0.3

url:kb.parallels.com/en/116241

Trust: 0.3

url:https://community.rapid7.com/thread/5174

Trust: 0.3

url:http://www.php.net/

Trust: 0.3

url:http://ompldr.org/vzgxxaq

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100162699

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165255

Trust: 0.3

url:http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21620314

Trust: 0.3

url:http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt

Trust: 0.3

url:http://secunia.com/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1172

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-2311

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1823.html

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:0569

Trust: 0.1

url:https://github.com/infodox/exploits

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/18836/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0831

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0788

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1938

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0830

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0831

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdva-2012:004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2335

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0788

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0807

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3379

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3268

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4566

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:165

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:065

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3268

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2202

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1657

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0807

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1172

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3267

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1657

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068-1

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:197

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:180

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2335

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/49053/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49053

Trust: 0.1

url:http://secunia.com/advisories/49053/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8

Trust: 0.1

url:http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1437-1

Trust: 0.1

sources: CERT/CC: VU#673343 // VULMON: CVE-2012-1823 // BID: 53388 // PACKETSTORM: 112598 // PACKETSTORM: 112580 // PACKETSTORM: 112507 // PACKETSTORM: 112612 // PACKETSTORM: 112508 // PACKETSTORM: 112474 // CNNVD: CNNVD-201205-108 // NVD: CVE-2012-1823

CREDITS

De Eindbazen

Trust: 0.3

sources: BID: 53388

SOURCES

db:CERT/CCid:VU#673343
db:VULMONid:CVE-2012-1823
db:BIDid:53388
db:PACKETSTORMid:112598
db:PACKETSTORMid:112580
db:PACKETSTORMid:112507
db:PACKETSTORMid:112612
db:PACKETSTORMid:112508
db:PACKETSTORMid:112474
db:CNNVDid:CNNVD-201205-108
db:NVDid:CVE-2012-1823

LAST UPDATE DATE

2025-04-25T20:10:57.786000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#673343date:2013-06-07T00:00:00
db:VULMONid:CVE-2012-1823date:2018-01-18T00:00:00
db:BIDid:53388date:2015-04-13T22:15:00
db:CNNVDid:CNNVD-201205-108date:2012-05-08T00:00:00
db:NVDid:CVE-2012-1823date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:CERT/CCid:VU#673343date:2013-06-07T00:00:00
db:VULMONid:CVE-2012-1823date:2012-05-11T00:00:00
db:BIDid:53388date:2012-05-04T00:00:00
db:PACKETSTORMid:112598date:2012-05-10T15:28:01
db:PACKETSTORMid:112580date:2012-05-10T03:59:25
db:PACKETSTORMid:112507date:2012-05-07T20:04:24
db:PACKETSTORMid:112612date:2012-05-10T06:23:20
db:PACKETSTORMid:112508date:2012-05-07T20:04:50
db:PACKETSTORMid:112474date:2012-05-06T01:28:45
db:CNNVDid:CNNVD-201205-108date:2012-05-08T00:00:00
db:NVDid:CVE-2012-1823date:2012-05-11T10:15:48.043