certfr_avis - certa-2011-avi-461

CERTA-2011-AVI-461

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectent PHP et permettent de contourner la politique de sécurité.

Description

Plusieurs vulnérabilités affectent PHP :

une mauvaise gestion de pointeur dans la fonction substr_replace permet à un utilisateur malveillant de corrompre la mémoire et au moins de provoquer un déni de service ;
un débordement dans la pile dans la fonction socket_connect permet à un utilisateur malveillant d'exécuter du code arbitraire ;
un défaut de traitement de certaines requêtes POST par la fonction rfc1867_post_handler permet à un utilisateur malveillant d'atteinde n'importe quel fichier du système ;
une erreur dans l'implantation crypt_blowfish provoque des collisions lors des calculs de condensés cryptographiques ;
un dépassement de tampon mémoire est présent dans la fonction crypt.

Solution

La version 5.3.7 de PHP résoud ces problèmes mais introduit une régression (dans la fonction crypt()).

La version 5.3.8 résoud la régression introduite dans PHP 5.3.7.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

PHP 5.3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Mise en garde sur la version PHP 5.3.7 du 22 août 2011	None	vendor-advisory
Annonce de la version 5.3.8 du 23 août 2011	None	vendor-advisory
Annonce de la version PHP 5.3.7 du 18 août 2011	None	vendor-advisory
Annonce de la version PHP 5.3.8 du 23 août 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ePHP 5.3.x.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent PHP\u00a0:\n\n-   une mauvaise gestion de pointeur dans la fonction substr_replace\n    permet \u00e0 un utilisateur malveillant de corrompre la m\u00e9moire et au\n    moins de provoquer un d\u00e9ni de service\u00a0;\n-   un d\u00e9bordement dans la pile dans la fonction socket_connect permet \u00e0\n    un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire\u00a0;\n-   un d\u00e9faut de traitement de certaines requ\u00eates POST par la fonction\n    rfc1867_post_handler permet \u00e0 un utilisateur malveillant d\u0027atteinde\n    n\u0027importe quel fichier du syst\u00e8me\u00a0;\n-   une erreur dans l\u0027implantation crypt_blowfish provoque des\n    collisions lors des calculs de condens\u00e9s cryptographiques\u00a0;\n-   un d\u00e9passement de tampon m\u00e9moire est pr\u00e9sent dans la fonction crypt.\n\n## Solution\n\nLa version 5.3.7 de PHP r\u00e9soud ces probl\u00e8mes mais introduit une\nr\u00e9gression (dans la fonction crypt()).\n\nLa version 5.3.8 r\u00e9soud la r\u00e9gression introduite dans PHP 5.3.7.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2011-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
    },
    {
      "name": "CVE-2011-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
    }
  ],
  "initial_release_date": "2011-08-22T00:00:00",
  "last_revision_date": "2011-08-26T00:00:00",
  "links": [
    {
      "title": "Annonce de la version PHP 5.3.8 du 23 ao\u00fbt 2011 :",
      "url": "http://www.php.net/archive/2011.php#id2011-08-23-1"
    }
  ],
  "reference": "CERTA-2011-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-22T00:00:00.000000"
    },
    {
      "description": "ajout du correctif de la version 5.3.8 du 23 ao\u00fbt 2011.",
      "revision_date": "2011-08-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent PHP et permettent de contourner la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise en garde sur la version PHP 5.3.7 du 22 ao\u00fbt 2011",
      "url": "http://www.php.net/archive/2011.php#id2011-08-22-1"
    },
    {
      "published_at": null,
      "title": "Annonce de la version 5.3.8 du 23 ao\u00fbt 2011",
      "url": null
    },
    {
      "published_at": null,
      "title": "Annonce de la version PHP 5.3.7 du 18 ao\u00fbt 2011",
      "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
    }
  ]
}

CVE-2011-2483 (GCVE-0-2011-2483)

Vulnerability from cvelistv5

Published

2011-08-25 14:00

Modified

2024-08-06 23:00

Severity ?

CWE

Summary

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

References

URL

Tags

	http://www.openwall.com/crypt/	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:180	vendor-advisory, x_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/69319	vdb-entry, x_refsource_XF
	http://support.apple.com/kb/HT5130	x_refsource_CONFIRM
	http://php.net/security/crypt_blowfish	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49241	vdb-entry, x_refsource_BID
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:165	vendor-advisory, x_refsource_MANDRIVA
	http://www.debian.org/security/2012/dsa-2399	vendor-advisory, x_refsource_DEBIAN
	http://www.debian.org/security/2011/dsa-2340	vendor-advisory, x_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2011-1378.html	vendor-advisory, x_refsource_REDHAT
	http://www.postgresql.org/docs/8.4/static/release-8-4-9.html	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:178	vendor-advisory, x_refsource_MANDRIVA
	http://www.redhat.com/support/errata/RHSA-2011-1377.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2011-1423.html	vendor-advisory, x_refsource_REDHAT
	http://www.php.net/ChangeLog-5.php#5.3.7	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
	http://www.php.net/archive/2011.php#id2011-08-18-1	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:179	vendor-advisory, x_refsource_MANDRIVA
	http://freshmeat.net/projects/crypt_blowfish	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-1229-1	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/crypt/"
          },
          {
            "name": "MDVSA-2011:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
          },
          {
            "name": "php-cryptblowfish-info-disclosure(69319)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/security/crypt_blowfish"
          },
          {
            "name": "49241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49241"
          },
          {
            "name": "MDVSA-2011:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
          },
          {
            "name": "DSA-2399",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2399"
          },
          {
            "name": "DSA-2340",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2340"
          },
          {
            "name": "RHSA-2011:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "SUSE-SA:2011:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
          },
          {
            "name": "MDVSA-2011:178",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
          },
          {
            "name": "RHSA-2011:1377",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
          },
          {
            "name": "RHSA-2011:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
          },
          {
            "name": "MDVSA-2011:179",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://freshmeat.net/projects/crypt_blowfish"
          },
          {
            "name": "USN-1229-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1229-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/crypt/"
        },
        {
          "name": "MDVSA-2011:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
        },
        {
          "name": "php-cryptblowfish-info-disclosure(69319)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/security/crypt_blowfish"
        },
        {
          "name": "49241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49241"
        },
        {
          "name": "MDVSA-2011:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
        },
        {
          "name": "DSA-2399",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2399"
        },
        {
          "name": "DSA-2340",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2340"
        },
        {
          "name": "RHSA-2011:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "SUSE-SA:2011:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
        },
        {
          "name": "MDVSA-2011:178",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
        },
        {
          "name": "RHSA-2011:1377",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
        },
        {
          "name": "RHSA-2011:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
        },
        {
          "name": "MDVSA-2011:179",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://freshmeat.net/projects/crypt_blowfish"
        },
        {
          "name": "USN-1229-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1229-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openwall.com/crypt/",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/crypt/"
            },
            {
              "name": "MDVSA-2011:180",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180"
            },
            {
              "name": "php-cryptblowfish-info-disclosure(69319)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319"
            },
            {
              "name": "http://support.apple.com/kb/HT5130",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5130"
            },
            {
              "name": "http://php.net/security/crypt_blowfish",
              "refsource": "CONFIRM",
              "url": "http://php.net/security/crypt_blowfish"
            },
            {
              "name": "49241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49241"
            },
            {
              "name": "MDVSA-2011:165",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
            },
            {
              "name": "DSA-2399",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2399"
            },
            {
              "name": "DSA-2340",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2340"
            },
            {
              "name": "RHSA-2011:1378",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html"
            },
            {
              "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html"
            },
            {
              "name": "APPLE-SA-2012-02-01-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
            },
            {
              "name": "SUSE-SA:2011:035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html"
            },
            {
              "name": "MDVSA-2011:178",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
            },
            {
              "name": "RHSA-2011:1377",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html"
            },
            {
              "name": "RHSA-2011:1423",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.3.7",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
            },
            {
              "name": "MDVSA-2011:179",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179"
            },
            {
              "name": "http://freshmeat.net/projects/crypt_blowfish",
              "refsource": "MISC",
              "url": "http://freshmeat.net/projects/crypt_blowfish"
            },
            {
              "name": "USN-1229-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1229-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2483",
    "datePublished": "2011-08-25T14:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1148 (GCVE-0-2011-1148)

Vulnerability from cvelistv5

Published

2011-03-18 15:00

Modified

2024-08-06 22:14

Severity ?

CWE

Summary

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

References

URL

Tags

	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://support.apple.com/kb/HT5130	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49241	vdb-entry, x_refsource_BID
	http://openwall.com/lists/oss-security/2011/03/13/2	mailing-list, x_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:165	vendor-advisory, x_refsource_MANDRIVA
	http://openwall.com/lists/oss-security/2011/03/13/9	mailing-list, x_refsource_MLIST
	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://openwall.com/lists/oss-security/2011/03/13/3	mailing-list, x_refsource_MLIST
	http://bugs.php.net/bug.php?id=54238	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2011-1423.html	vendor-advisory, x_refsource_REDHAT
	http://www.php.net/ChangeLog-5.php#5.3.7	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66080	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/46843	vdb-entry, x_refsource_BID
	http://www.php.net/archive/2011.php#id2011-08-18-1	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV02763",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "name": "49241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49241"
          },
          {
            "name": "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/13/2"
          },
          {
            "name": "MDVSA-2011:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
          },
          {
            "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/13/9"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/13/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.php.net/bug.php?id=54238"
          },
          {
            "name": "SSRT100826",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "name": "RHSA-2011:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
          },
          {
            "name": "php-substrreplace-code-exec(66080)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080"
          },
          {
            "name": "46843",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46843"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV02763",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "name": "49241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49241"
        },
        {
          "name": "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/13/2"
        },
        {
          "name": "MDVSA-2011:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
        },
        {
          "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/13/9"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/13/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.php.net/bug.php?id=54238"
        },
        {
          "name": "SSRT100826",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "name": "RHSA-2011:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
        },
        {
          "name": "php-substrreplace-code-exec(66080)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080"
        },
        {
          "name": "46843",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46843"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV02763",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT5130",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5130"
            },
            {
              "name": "49241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49241"
            },
            {
              "name": "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/13/2"
            },
            {
              "name": "MDVSA-2011:165",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
            },
            {
              "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/13/9"
            },
            {
              "name": "APPLE-SA-2012-02-01-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
            },
            {
              "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/13/3"
            },
            {
              "name": "http://bugs.php.net/bug.php?id=54238",
              "refsource": "CONFIRM",
              "url": "http://bugs.php.net/bug.php?id=54238"
            },
            {
              "name": "SSRT100826",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "RHSA-2011:1423",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.3.7",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
            },
            {
              "name": "php-substrreplace-code-exec(66080)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080"
            },
            {
              "name": "46843",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46843"
            },
            {
              "name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1148",
    "datePublished": "2011-03-18T15:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1938 (GCVE-0-2011-1938)

Vulnerability from cvelistv5

Published

2011-05-31 20:00

Modified

2024-08-06 22:46

Severity ?

CWE

Summary

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

References

URL

Tags

	http://svn.php.net/viewvc?view=revision&revision=311369	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://support.apple.com/kb/HT5130	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49241	vdb-entry, x_refsource_BID
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:165	vendor-advisory, x_refsource_MANDRIVA
	http://openwall.com/lists/oss-security/2011/05/24/9	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2012/dsa-2399	vendor-advisory, x_refsource_DEBIAN
	http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369&r2=311368&pathrev=311369	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://osvdb.org/72644	vdb-entry, x_refsource_OSVDB
	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://securityreason.com/securityalert/8294	third-party-advisory, x_refsource_SREASON
	http://www.exploit-db.com/exploits/17318/	exploit, x_refsource_EXPLOIT-DB
	http://www.redhat.com/support/errata/RHSA-2011-1423.html	vendor-advisory, x_refsource_REDHAT
	http://www.php.net/ChangeLog-5.php#5.3.7	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8262	third-party-advisory, x_refsource_SREASON
	http://www.php.net/archive/2011.php#id2011-08-18-1	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/05/24/1	mailing-list, x_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67606	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc?view=revision\u0026revision=311369"
          },
          {
            "name": "HPSBOV02763",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "name": "49241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49241"
          },
          {
            "name": "MDVSA-2011:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
          },
          {
            "name": "[oss-security] 20110524 Re: CVE request: PHP socket_connect() - stack buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/05/24/9"
          },
          {
            "name": "DSA-2399",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369\u0026r2=311368\u0026pathrev=311369"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "72644",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/72644"
          },
          {
            "name": "SSRT100826",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "name": "8294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8294"
          },
          {
            "name": "17318",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17318/"
          },
          {
            "name": "RHSA-2011:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
          },
          {
            "name": "8262",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
          },
          {
            "name": "[oss-security] 20110523 CVE request: PHP socket_connect() - stack buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/05/24/1"
          },
          {
            "name": "php-socketconnect-bo(67606)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67606"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc?view=revision\u0026revision=311369"
        },
        {
          "name": "HPSBOV02763",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "name": "49241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49241"
        },
        {
          "name": "MDVSA-2011:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
        },
        {
          "name": "[oss-security] 20110524 Re: CVE request: PHP socket_connect() - stack buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/05/24/9"
        },
        {
          "name": "DSA-2399",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369\u0026r2=311368\u0026pathrev=311369"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "72644",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/72644"
        },
        {
          "name": "SSRT100826",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "name": "8294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8294"
        },
        {
          "name": "17318",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17318/"
        },
        {
          "name": "RHSA-2011:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
        },
        {
          "name": "8262",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
        },
        {
          "name": "[oss-security] 20110523 CVE request: PHP socket_connect() - stack buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/05/24/1"
        },
        {
          "name": "php-socketconnect-bo(67606)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67606"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.php.net/viewvc?view=revision\u0026revision=311369",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=311369"
            },
            {
              "name": "HPSBOV02763",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT5130",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5130"
            },
            {
              "name": "49241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49241"
            },
            {
              "name": "MDVSA-2011:165",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
            },
            {
              "name": "[oss-security] 20110524 Re: CVE request: PHP socket_connect() - stack buffer overflow",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/05/24/9"
            },
            {
              "name": "DSA-2399",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2399"
            },
            {
              "name": "http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369\u0026r2=311368\u0026pathrev=311369",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369\u0026r2=311368\u0026pathrev=311369"
            },
            {
              "name": "APPLE-SA-2012-02-01-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
            },
            {
              "name": "72644",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/72644"
            },
            {
              "name": "SSRT100826",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "8294",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8294"
            },
            {
              "name": "17318",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17318/"
            },
            {
              "name": "RHSA-2011:1423",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.3.7",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
            },
            {
              "name": "8262",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8262"
            },
            {
              "name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
            },
            {
              "name": "[oss-security] 20110523 CVE request: PHP socket_connect() - stack buffer overflow",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/05/24/1"
            },
            {
              "name": "php-socketconnect-bo(67606)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67606"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1938",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2202 (GCVE-0-2011-2202)

Vulnerability from cvelistv5

Published

2011-06-16 23:00

Modified

2024-08-06 22:53

Severity ?

CWE

Summary

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

References

URL

Tags

	http://www.securityfocus.com/bid/48259	vdb-entry, x_refsource_BID
	http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://svn.php.net/viewvc?view=revision&revision=312103	x_refsource_CONFIRM
	http://support.apple.com/kb/HT5130	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49241	vdb-entry, x_refsource_BID
	http://securitytracker.com/id?1025659	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67999	vdb-entry, x_refsource_XF
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:165	vendor-advisory, x_refsource_MANDRIVA
	http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103	x_refsource_CONFIRM
	http://secunia.com/advisories/44874	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2011/dsa-2266	vendor-advisory, x_refsource_DEBIAN
	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://openwall.com/lists/oss-security/2011/06/13/15	mailing-list, x_refsource_MLIST
	http://marc.info/?l=bugtraq&m=133469208622507&w=2	vendor-advisory, x_refsource_HP
	http://bugs.php.net/bug.php?id=54939	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-1423.html	vendor-advisory, x_refsource_REDHAT
	http://www.php.net/ChangeLog-5.php#5.3.7	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/06/12/5	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2012-0071.html	vendor-advisory, x_refsource_REDHAT
	http://www.php.net/archive/2011.php#id2011-08-18-1	x_refsource_CONFIRM
	http://pastebin.com/1edSuSVN	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48259",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103\u0026r2=312102\u0026pathrev=312103"
          },
          {
            "name": "HPSBOV02763",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc?view=revision\u0026revision=312103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "name": "49241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49241"
          },
          {
            "name": "1025659",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025659"
          },
          {
            "name": "php-sapiposthandlerfunc-sec-bypass(67999)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67999"
          },
          {
            "name": "MDVSA-2011:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup\u0026pathrev=312103"
          },
          {
            "name": "44874",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44874"
          },
          {
            "name": "DSA-2266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2266"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "[oss-security] 20110613 Re: CVE Request: PHP File upload filename",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/06/13/15"
          },
          {
            "name": "SSRT100826",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.php.net/bug.php?id=54939"
          },
          {
            "name": "RHSA-2011:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
          },
          {
            "name": "[oss-security] 20110612 CVE Request: PHP File upload filename",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/06/12/5"
          },
          {
            "name": "RHSA-2012:0071",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pastebin.com/1edSuSVN"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a \"file path injection vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48259",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103\u0026r2=312102\u0026pathrev=312103"
        },
        {
          "name": "HPSBOV02763",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc?view=revision\u0026revision=312103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "name": "49241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49241"
        },
        {
          "name": "1025659",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025659"
        },
        {
          "name": "php-sapiposthandlerfunc-sec-bypass(67999)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67999"
        },
        {
          "name": "MDVSA-2011:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup\u0026pathrev=312103"
        },
        {
          "name": "44874",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44874"
        },
        {
          "name": "DSA-2266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2266"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "[oss-security] 20110613 Re: CVE Request: PHP File upload filename",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/06/13/15"
        },
        {
          "name": "SSRT100826",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.php.net/bug.php?id=54939"
        },
        {
          "name": "RHSA-2011:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
        },
        {
          "name": "[oss-security] 20110612 CVE Request: PHP File upload filename",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/06/12/5"
        },
        {
          "name": "RHSA-2012:0071",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pastebin.com/1edSuSVN"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a \"file path injection vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48259",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48259"
            },
            {
              "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103\u0026r2=312102\u0026pathrev=312103",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103\u0026r2=312102\u0026pathrev=312103"
            },
            {
              "name": "HPSBOV02763",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "http://svn.php.net/viewvc?view=revision\u0026revision=312103",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=312103"
            },
            {
              "name": "http://support.apple.com/kb/HT5130",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5130"
            },
            {
              "name": "49241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49241"
            },
            {
              "name": "1025659",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025659"
            },
            {
              "name": "php-sapiposthandlerfunc-sec-bypass(67999)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67999"
            },
            {
              "name": "MDVSA-2011:165",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
            },
            {
              "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup\u0026pathrev=312103",
              "refsource": "CONFIRM",
              "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup\u0026pathrev=312103"
            },
            {
              "name": "44874",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44874"
            },
            {
              "name": "DSA-2266",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2266"
            },
            {
              "name": "APPLE-SA-2012-02-01-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
            },
            {
              "name": "[oss-security] 20110613 Re: CVE Request: PHP File upload filename",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/06/13/15"
            },
            {
              "name": "SSRT100826",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
            },
            {
              "name": "http://bugs.php.net/bug.php?id=54939",
              "refsource": "CONFIRM",
              "url": "http://bugs.php.net/bug.php?id=54939"
            },
            {
              "name": "RHSA-2011:1423",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.3.7",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.3.7"
            },
            {
              "name": "[oss-security] 20110612 CVE Request: PHP File upload filename",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/06/12/5"
            },
            {
              "name": "RHSA-2012:0071",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
            },
            {
              "name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
            },
            {
              "name": "http://pastebin.com/1edSuSVN",
              "refsource": "MISC",
              "url": "http://pastebin.com/1edSuSVN"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2202",
    "datePublished": "2011-06-16T23:00:00",
    "dateReserved": "2011-05-31T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-461

Vulnerability from certfr_avis

Description

Solution

CVE-2011-2483 (GCVE-0-2011-2483)

Vulnerability from cvelistv5

CVE-2011-1148 (GCVE-0-2011-1148)

Vulnerability from cvelistv5

CVE-2011-1938 (GCVE-0-2011-1938)

Vulnerability from cvelistv5

CVE-2011-2202 (GCVE-0-2011-2202)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature