CVE-2012-3365

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00022.html

http://osvdb.org/84100

http://secunia.com/advisories/49969

http://secunia.com/advisories/51178

http://www.mandriva.com/security/advisories?name=MDVSA-2012:108

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/54612

http://www.securitytracker.com/id?1027286

https://hermes.opensuse.org/messages/15376003

Details

Source: MITRE

Published: 2012-07-20

Updated: 2017-12-01

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.14 (inclusive)

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
102079Juniper Junos PHP multiple vulnerabilities (JSA10804)NessusJunos Local Security Checks
high
80736Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)NessusSolaris Local Security Checks
critical
74709openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1)NessusSuSE Local Security Checks
critical
64106SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)NessusSuSE Local Security Checks
critical
64105SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)NessusSuSE Local Security Checks
critical
64101SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)NessusSuSE Local Security Checks
critical
62236GLSA-201209-03 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
62208FreeBSD : php5-sqlite -- open_basedir bypass (ec255bd8-02c6-11e2-92d1-000d601460a4)NessusFreeBSD Local Security Checks
medium
61961Mandriva Linux Security Advisory : php (MDVSA-2012:108)NessusMandriva Local Security Checks
critical
801075PHP 5.3.x < 5.3.15 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high
6556PHP 5.3.x < 5.3.15 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
critical
61658SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)NessusSuSE Local Security Checks
critical
60085PHP 5.3.x < 5.3.15 Multiple VulnerabilitiesNessusCGI abuses
critical