CVE-2012-1172MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
References
http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://openwall.com/lists/oss-security/2012/03/13/4
http://support.apple.com/kb/HT5501
http://svn.php.net/viewvc?view=revision&revision=321664
http://www.debian.org/security/2012/dsa-2465
http://www.php.net/ChangeLog-5.php#5.4.0
https://bugs.php.net/bug.php?id=48597
https://bugs.php.net/bug.php?id=49683
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=55500
https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.10 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 78152 | F5 Networks BIG-IP : PHP vulnerability (SOL14574) | Nessus | F5 Networks Local Security Checks | medium |
| 74607 | openSUSE Security Update : php5 (openSUSE-SU-2012:0551-1) | Nessus | SuSE Local Security Checks | medium |
| 6995 | PHP < 5.3.11 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 6995 | PHP < 5.3.11 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 6994 | PHP 5.4.x < 5.4.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 6994 | PHP 5.4.x < 5.4.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 68571 | Oracle Linux 5 : php53 (ELSA-2012-1047) | Nessus | Oracle Linux Local Security Checks | high |
| 68570 | Oracle Linux 6 : php (ELSA-2012-1046) | Nessus | Oracle Linux Local Security Checks | high |
| 68569 | Oracle Linux 5 : php (ELSA-2012-1045) | Nessus | Oracle Linux Local Security Checks | medium |
| 67089 | CentOS 5 : php53 (CESA-2012:1047) | Nessus | CentOS Local Security Checks | high |
| 64103 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6251) | Nessus | SuSE Local Security Checks | high |
| 64099 | SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6252) | Nessus | SuSE Local Security Checks | high |
| 62236 | GLSA-201209-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 6584 | Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 6584 | Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 62215 | Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 61358 | Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | high |
| 61357 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | medium |
| 61356 | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | high |
| 59938 | CentOS 6 : php (CESA-2012:1046) | Nessus | CentOS Local Security Checks | high |
| 59753 | RHEL 5 : php53 (RHSA-2012:1047) | Nessus | Red Hat Local Security Checks | high |
| 59752 | RHEL 6 : php (RHSA-2012:1046) | Nessus | Red Hat Local Security Checks | high |
| 59751 | RHEL 5 : php (RHSA-2012:1045) | Nessus | Red Hat Local Security Checks | medium |
| 59738 | CentOS 5 : php (CESA-2012:1045) | Nessus | CentOS Local Security Checks | medium |
| 59603 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1) | Nessus | Ubuntu Local Security Checks | high |
| 59059 | Debian DSA-2465-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 59053 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114) | Nessus | SuSE Local Security Checks | high |
| 59008 | Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911) | Nessus | Fedora Local Security Checks | medium |
| 59007 | Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907) | Nessus | Fedora Local Security Checks | medium |
| 59006 | Fedora 17 : maniadrive-1.2-38.fc17 / php-5.4.1-1.fc17 (2012-6869) | Nessus | Fedora Local Security Checks | medium |
| 58967 | PHP 5.4.x < 5.4.1 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 58966 | PHP < 5.3.11 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 58938 | FreeBSD : php -- multiple vulnerabilities (2cde1892-913e-11e1-b44c-001fd0af1a4c) | Nessus | FreeBSD Local Security Checks | medium |
| 58890 | Mandriva Linux Security Advisory : php (MDVSA-2012:065) | Nessus | Mandriva Local Security Checks | high |