ID

VAR-201205-0312


CVE

CVE-2012-2336


TITLE

PHP Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201205-209

DESCRIPTION

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php security update Advisory ID: RHSA-2012:1046-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1046.html Issue date: 2012-06-27 CVE Names: CVE-2010-2950 CVE-2011-4153 CVE-2012-0057 CVE-2012-0781 CVE-2012-0789 CVE-2012-1172 CVE-2012-2143 CVE-2012-2336 CVE-2012-2386 ===================================================================== 1. Summary: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057) Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT. A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386) A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. (CVE-2010-2950) A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143) Note: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated. It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336) A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789) A NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially-crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781) It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153) Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143. All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 782657 - CVE-2012-0057 php: XSLT file writing vulnerability 782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS 782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS 783609 - CVE-2012-0789 php: strtotime timezone memory leak 799187 - CVE-2012-1172 php: $_FILES array indexes corruption 816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness 820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h 823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension 835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024) 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-bcmath-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm ppc64: php-5.3.3-14.el6_3.ppc64.rpm php-cli-5.3.3-14.el6_3.ppc64.rpm php-common-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-gd-5.3.3-14.el6_3.ppc64.rpm php-ldap-5.3.3-14.el6_3.ppc64.rpm php-mysql-5.3.3-14.el6_3.ppc64.rpm php-odbc-5.3.3-14.el6_3.ppc64.rpm php-pdo-5.3.3-14.el6_3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.ppc64.rpm php-soap-5.3.3-14.el6_3.ppc64.rpm php-xml-5.3.3-14.el6_3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm s390x: php-5.3.3-14.el6_3.s390x.rpm php-cli-5.3.3-14.el6_3.s390x.rpm php-common-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-gd-5.3.3-14.el6_3.s390x.rpm php-ldap-5.3.3-14.el6_3.s390x.rpm php-mysql-5.3.3-14.el6_3.s390x.rpm php-odbc-5.3.3-14.el6_3.s390x.rpm php-pdo-5.3.3-14.el6_3.s390x.rpm php-pgsql-5.3.3-14.el6_3.s390x.rpm php-soap-5.3.3-14.el6_3.s390x.rpm php-xml-5.3.3-14.el6_3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.s390x.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.ppc64.rpm php-dba-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-devel-5.3.3-14.el6_3.ppc64.rpm php-embedded-5.3.3-14.el6_3.ppc64.rpm php-enchant-5.3.3-14.el6_3.ppc64.rpm php-imap-5.3.3-14.el6_3.ppc64.rpm php-intl-5.3.3-14.el6_3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.ppc64.rpm php-process-5.3.3-14.el6_3.ppc64.rpm php-pspell-5.3.3-14.el6_3.ppc64.rpm php-recode-5.3.3-14.el6_3.ppc64.rpm php-snmp-5.3.3-14.el6_3.ppc64.rpm php-tidy-5.3.3-14.el6_3.ppc64.rpm php-zts-5.3.3-14.el6_3.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.s390x.rpm php-dba-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-devel-5.3.3-14.el6_3.s390x.rpm php-embedded-5.3.3-14.el6_3.s390x.rpm php-enchant-5.3.3-14.el6_3.s390x.rpm php-imap-5.3.3-14.el6_3.s390x.rpm php-intl-5.3.3-14.el6_3.s390x.rpm php-mbstring-5.3.3-14.el6_3.s390x.rpm php-process-5.3.3-14.el6_3.s390x.rpm php-pspell-5.3.3-14.el6_3.s390x.rpm php-recode-5.3.3-14.el6_3.s390x.rpm php-snmp-5.3.3-14.el6_3.s390x.rpm php-tidy-5.3.3-14.el6_3.s390x.rpm php-zts-5.3.3-14.el6_3.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2950.html https://www.redhat.com/security/data/cve/CVE-2011-4153.html https://www.redhat.com/security/data/cve/CVE-2012-0057.html https://www.redhat.com/security/data/cve/CVE-2012-0781.html https://www.redhat.com/security/data/cve/CVE-2012-0789.html https://www.redhat.com/security/data/cve/CVE-2012-1172.html https://www.redhat.com/security/data/cve/CVE-2012-2143.html https://www.redhat.com/security/data/cve/CVE-2012-2336.html https://www.redhat.com/security/data/cve/CVE-2012-2386.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2012-0546.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ1AR57OhwCeNCjP 5dEIaw64iUF1AYJgb6tOHK0= =KioB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 1 HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-18 Last Updated: 2013-07-18 Potential Security Impact: Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain extended privileges, disclosure of information, unauthorized access, XSS Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. References: CVE-2011-3389 (SSRT100740) Remote disclosure of information CVE-2012-0883 (SSRT101209) Remote gain extended privileges CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS) CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS) CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS) CVE-2013-2355 (SSRT100696) Remote unauthorized Access CVE-2013-2356 (SSRT100835) Remote disclosure of information CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2361 (SSRT101007) XSS CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS) CVE-2013-2363 (SSRT101150) Remote disclosure of information CVE-2013-2364 (SSRT101151) XSS CVE-2013-5217 (SSRT101137) Remote unauthorized access SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2329 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2335 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2336 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2355 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-2356 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 CVE-2013-2357 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2358 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2359 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2360 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2361 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2362 (AV:L/AC:H/Au:S/C:N/I:N/A:P) 1.0 CVE-2013-2363 (AV:N/AC:H/Au:N/C:C/I:N/A:P) 6.1 CVE-2013-2364 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0 CVE-2013-5217 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks agix for working with the TippingPoint Zero Day Initiative to report vulnerability CVE-2013-2362 to security-alert@hp.com RESOLUTION HP has made System Management Homepage (SMH) v7.2.1 or subsequent available for Windows and Linux to resolve the vulnerabilities. Information and updates for SMH can be found at the following location: http://h18013.www1.hp.com/products/servers/management/agents/index.html HISTORY Version:1 (rev.1) - 18 July 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in php(-cgi): PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The updated packages provides the latest version (5.3.13) which provides a solution to this flaw. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH JTVUFGYH3hR84ZM7EV65I9g= =hQaF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ============================================================================ Ubuntu Security Notice USN-1481-1 June 19, 2012 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. (CVE-2012-1172) Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. (CVE-2012-2143) It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317) It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2386) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: php5 5.3.10-1ubuntu3.2 Ubuntu 11.10: php5 5.3.6-13ubuntu3.8 Ubuntu 11.04: php5 5.3.5-1ubuntu7.10 Ubuntu 10.04 LTS: php5 5.3.2-1ubuntu4.17 Ubuntu 8.04 LTS: php5 5.2.4-2ubuntu5.25 In general, a standard system update will make all the necessary changes

Trust: 1.89

sources: NVD: CVE-2012-2336 // BID: 53388 // PACKETSTORM: 123310 // PACKETSTORM: 112598 // PACKETSTORM: 114261 // PACKETSTORM: 122468 // PACKETSTORM: 114259 // PACKETSTORM: 112597 // PACKETSTORM: 113885 // PACKETSTORM: 122482

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 1.9

vendor:phpmodel:phpscope:eqversion:5.3.11

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.4.0

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:3.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:2.0b10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.17

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.18

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.1.2

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:5.3.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:1.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.0.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.2.17

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.2.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.1.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:3.0.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.4.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.3.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:4.0.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 0.9

vendor:parallelsmodel:plesk panelscope:eqversion:9.5.4

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.1.zscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux long life serverscope:eqversion:5.3

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.3

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:ctpview 7.0r1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2bscope:neversion: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux eus 5.6.z serverscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:lotus foundations start 1.2.2ascope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.7.5

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:110

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:4.4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:3.0x64

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:clientscope:eqversion:2008

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:8.6

Trust: 0.3

vendor:parallelsmodel:plesk panelscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:lotus foundations startscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:phpmodel:phpscope:neversion:5.3.13

Trust: 0.3

sources: BID: 53388 // CNNVD: CNNVD-201205-209 // NVD: CVE-2012-2336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2336
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201205-209
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2012-2336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-201205-209 // NVD: CVE-2012-2336

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2012-2336

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 114261 // PACKETSTORM: 114259 // PACKETSTORM: 112597 // PACKETSTORM: 113885 // CNNVD: CNNVD-201205-209

TYPE

arbitrary

Trust: 0.6

sources: PACKETSTORM: 123310 // PACKETSTORM: 114261 // PACKETSTORM: 122468 // PACKETSTORM: 114259 // PACKETSTORM: 112597 // PACKETSTORM: 122482

PATCH

title:PHP 5.4.3url:http://123.124.177.30/web/xxk/bdxqById.tag?id=43186

Trust: 0.6

title:PHP 5.4.3url:http://123.124.177.30/web/xxk/bdxqById.tag?id=43185

Trust: 0.6

sources: CNNVD: CNNVD-201205-209

EXTERNAL IDS

db:NVDid:CVE-2012-2336

Trust: 2.7

db:SECUNIAid:49014

Trust: 1.6

db:CNNVDid:CNNVD-201205-209

Trust: 0.6

db:JUNIPERid:JSA10658

Trust: 0.3

db:CERT/CCid:VU#520827

Trust: 0.3

db:CERT/CCid:VU#673343

Trust: 0.3

db:BIDid:53388

Trust: 0.3

db:PACKETSTORMid:123310

Trust: 0.1

db:PACKETSTORMid:112598

Trust: 0.1

db:PACKETSTORMid:114261

Trust: 0.1

db:PACKETSTORMid:122468

Trust: 0.1

db:PACKETSTORMid:114259

Trust: 0.1

db:OPENWALLid:OSS-SECURITY/2012/05/09/9

Trust: 0.1

db:PACKETSTORMid:112597

Trust: 0.1

db:PACKETSTORMid:113885

Trust: 0.1

db:PACKETSTORMid:122482

Trust: 0.1

sources: BID: 53388 // PACKETSTORM: 123310 // PACKETSTORM: 112598 // PACKETSTORM: 114261 // PACKETSTORM: 122468 // PACKETSTORM: 114259 // PACKETSTORM: 112597 // PACKETSTORM: 113885 // PACKETSTORM: 122482 // CNNVD: CNNVD-201205-209 // NVD: CVE-2012-2336

REFERENCES

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862

Trust: 2.2

url:https://bugs.php.net/bug.php?id=61910

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html

Trust: 1.6

url:http://www.php.net/archive/2012.php#id2012-05-08-1

Trust: 1.6

url:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cve-2012-1823.patch&revision=1336251592&display=1

Trust: 1.6

url:http://www.php.net/changelog-5.php#5.4.3

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html

Trust: 1.6

url:http://secunia.com/advisories/49014

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-2336

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-2335

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2012:1047

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=820708

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2012:1045

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2012:1046

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2012-2336

Trust: 0.6

url:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2012-1172

Trust: 0.4

url:http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0

Trust: 0.3

url:http://www-01.ibm.com/software/lotus/products/foundations/start/

Trust: 0.3

url:http://kb.parallels.com/en/113818

Trust: 0.3

url:kb.parallels.com/en/116241

Trust: 0.3

url:https://community.rapid7.com/thread/5174

Trust: 0.3

url:http://www.php.net/

Trust: 0.3

url:http://seclists.org/fulldisclosure/2013/jun/21

Trust: 0.3

url:http://ompldr.org/vzgxxaq

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100162699

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100165255

Trust: 0.3

url:http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 0.3

url:http://www.php.net/archive/2012.php#id2012-05-03-1

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21620314

Trust: 0.3

url:http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/673343

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/520827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2357

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2361

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2364

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2359

Trust: 0.3

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2329

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2311

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2356

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2110

Trust: 0.3

url:http://h18013.www1.hp.com/products/servers/management/agents/index.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0883

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2355

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2360

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2143

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2386

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-5217

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2336

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1823

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2335

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0057

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0057.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-2143.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-2336.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-4153.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1172.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2010-2950.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0781

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-4153

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0789

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0789.html

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-2386.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4821

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0831

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1148

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0788

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1938

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0830

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0831

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdva-2012:004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2202

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0788

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3379

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1938

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3268

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4566

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:165

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:065

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3268

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1657

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0807

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1172

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3267

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1657

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068-1

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:197

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:180

Trust: 0.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:068

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0781.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-1046.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0546.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5217

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0547.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-1047.html

Trust: 0.1

url:http://www.openwall.com/lists/oss-security/2012/05/09/9

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1481-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.25

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2317

Trust: 0.1

sources: BID: 53388 // PACKETSTORM: 123310 // PACKETSTORM: 112598 // PACKETSTORM: 114261 // PACKETSTORM: 122468 // PACKETSTORM: 114259 // PACKETSTORM: 112597 // PACKETSTORM: 113885 // PACKETSTORM: 122482 // CNNVD: CNNVD-201205-209 // NVD: CVE-2012-2336

CREDITS

De Eindbazen

Trust: 0.3

sources: BID: 53388

SOURCES

db:BIDid:53388
db:PACKETSTORMid:123310
db:PACKETSTORMid:112598
db:PACKETSTORMid:114261
db:PACKETSTORMid:122468
db:PACKETSTORMid:114259
db:PACKETSTORMid:112597
db:PACKETSTORMid:113885
db:PACKETSTORMid:122482
db:CNNVDid:CNNVD-201205-209
db:NVDid:CVE-2012-2336

LAST UPDATE DATE

2024-11-20T20:14:55.463000+00:00


SOURCES UPDATE DATE

db:BIDid:53388date:2015-04-13T22:15:00
db:CNNVDid:CNNVD-201205-209date:2023-04-21T00:00:00
db:NVDid:CVE-2012-2336date:2023-11-07T02:10:30.727

SOURCES RELEASE DATE

db:BIDid:53388date:2012-05-04T00:00:00
db:PACKETSTORMid:123310date:2013-09-19T22:22:00
db:PACKETSTORMid:112598date:2012-05-10T15:28:01
db:PACKETSTORMid:114261date:2012-06-28T03:31:36
db:PACKETSTORMid:122468date:2013-07-18T18:51:07
db:PACKETSTORMid:114259date:2012-06-28T03:31:01
db:PACKETSTORMid:112597date:2012-05-10T15:26:54
db:PACKETSTORMid:113885date:2012-06-20T02:58:04
db:PACKETSTORMid:122482date:2013-07-19T19:33:00
db:CNNVDid:CNNVD-201205-209date:2012-05-14T00:00:00
db:NVDid:CVE-2012-2336date:2012-05-11T10:15:48.527