PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2012-2376
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
CVE-2012-2329
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
CVE-2012-2329
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ...
CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-2376 Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. | CVSS2: 5.1 | 29% Средний | больше 13 лет назад |
 | CVE-2012-2336 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | CVSS2: 5 | 8% Низкий | больше 13 лет назад |
| CVE-2012-2336 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ... | CVSS2: 5 | 8% Низкий | больше 13 лет назад |
| CVE-2012-2335 php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. | CVSS2: 7.5 | 21% Средний | больше 13 лет назад |
| CVE-2012-2329 Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. | CVSS2: 5 | 80% Высокий | больше 13 лет назад |
| CVE-2012-2329 Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ... | CVSS2: 5 | 80% Высокий | больше 13 лет назад |
| CVE-2012-2311 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | CVSS2: 7.5 | 88% Высокий | больше 13 лет назад |
| CVE-2012-2311 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ... | CVSS2: 7.5 | 88% Высокий | больше 13 лет назад |
| CVE-2012-1823 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | CVSS3: 9.8 | 94% Критический | больше 13 лет назад |
| CVE-2012-1823 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ... | CVSS3: 9.8 | 94% Критический | больше 13 лет назад |
Уязвимостей на страницу