exploitDog

CVE-2012-1172

Published: 01 Mar 2012
Source: redhat
CVSS2: 6.4
EPSS: Medium

Description

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Application Stack v2 for Enterprise Linux | php | Will not fix | | |
| Red Hat Enterprise Linux 4 | php | Not affected | | |
| Red Hat Enterprise Linux 5 | php | Fixed | RHSA-2012:1045 | 27.06.2012 |
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2012:1047 | 27.06.2012 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2012:1046 | 27.06.2012 |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=799187 (php: $_FILES array indexes corruption)

EPSS

Percentile: 94%
0.13651
Medium

CVSS2

6.4 Medium

Related vulnerabilities

ubuntu
about 13 years ago

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

nvd
about 13 years ago

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

debian
about 13 years ago

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ...

github
about 3 years ago

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

CVSS3: 4.8
fstec
about 13 years ago

A vulnerability in the rfc1867.c component of the PHP programming language interpreter that allows an attacker to cause a denial of service
