CVE-2012-1172

MEDIUM

Description

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

ID	Name	Product	Family	Severity
78152	F5 Networks BIG-IP : PHP vulnerability (SOL14574)	Nessus	F5 Networks Local Security Checks	medium
74607	openSUSE Security Update : php5 (openSUSE-SU-2012:0551-1)	Nessus	SuSE Local Security Checks	medium
6995	PHP < 5.3.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
6994	PHP 5.4.x < 5.4.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
68571	Oracle Linux 5 : php53 (ELSA-2012-1047)	Nessus	Oracle Linux Local Security Checks	high
68570	Oracle Linux 6 : php (ELSA-2012-1046)	Nessus	Oracle Linux Local Security Checks	high
68569	Oracle Linux 5 : php (ELSA-2012-1045)	Nessus	Oracle Linux Local Security Checks	medium
67089	CentOS 5 : php53 (CESA-2012:1047)	Nessus	CentOS Local Security Checks	high
64103	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6251)	Nessus	SuSE Local Security Checks	high
64099	SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6252)	Nessus	SuSE Local Security Checks	high
62236	GLSA-201209-03 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
6584	Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
6583	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
62215	Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
62214	Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
62213	Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)	Nessus	MacOS X Local Security Checks	critical
61358	Scientific Linux Security Update : php on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
61357	Scientific Linux Security Update : php on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
61356	Scientific Linux Security Update : php53 on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59938	CentOS 6 : php (CESA-2012:1046)	Nessus	CentOS Local Security Checks	high
59753	RHEL 5 : php53 (RHSA-2012:1047)	Nessus	Red Hat Local Security Checks	high
59752	RHEL 6 : php (RHSA-2012:1046)	Nessus	Red Hat Local Security Checks	high
59751	RHEL 5 : php (RHSA-2012:1045)	Nessus	Red Hat Local Security Checks	medium
59738	CentOS 5 : php (CESA-2012:1045)	Nessus	CentOS Local Security Checks	medium
59603	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1)	Nessus	Ubuntu Local Security Checks	high
59059	Debian DSA-2465-1 : php5 - several vulnerabilities	Nessus	Debian Local Security Checks	high
59053	SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114)	Nessus	SuSE Local Security Checks	high
59008	Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911)	Nessus	Fedora Local Security Checks	medium
59007	Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)	Nessus	Fedora Local Security Checks	medium
59006	Fedora 17 : maniadrive-1.2-38.fc17 / php-5.4.1-1.fc17 (2012-6869)	Nessus	Fedora Local Security Checks	medium
58967	PHP 5.4.x < 5.4.1 Multiple Vulnerabilities	Nessus	CGI abuses	medium
58966	PHP < 5.3.11 Multiple Vulnerabilities	Nessus	CGI abuses	high
58938	FreeBSD : php -- multiple vulnerabilities (2cde1892-913e-11e1-b44c-001fd0af1a4c)	Nessus	FreeBSD Local Security Checks	medium
58890	Mandriva Linux Security Advisory : php (MDVSA-2012:065)	Nessus	Mandriva Local Security Checks	high

CVE-2012-1172

Description

References

Details

Risk Information

CVSS v2.0