var-201205-0312
Vulnerability from variot

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security update Advisory ID: RHSA-2012:1046-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1046.html Issue date: 2012-06-27 CVE Names: CVE-2010-2950 CVE-2011-4153 CVE-2012-0057 CVE-2012-0781 CVE-2012-0789 CVE-2012-1172 CVE-2012-2143 CVE-2012-2336 CVE-2012-2386 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.

It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789)

A NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially-crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)

It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

  1. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability 782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS 782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS 783609 - CVE-2012-0789 php: strtotime timezone memory leak 799187 - CVE-2012-1172 php: $_FILES array indexes corruption 816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness 820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h 823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension 835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

  1. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386: php-5.3.3-14.el6_3.i686.rpm php-bcmath-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm

x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

x86_64: php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm

ppc64: php-5.3.3-14.el6_3.ppc64.rpm php-cli-5.3.3-14.el6_3.ppc64.rpm php-common-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-gd-5.3.3-14.el6_3.ppc64.rpm php-ldap-5.3.3-14.el6_3.ppc64.rpm php-mysql-5.3.3-14.el6_3.ppc64.rpm php-odbc-5.3.3-14.el6_3.ppc64.rpm php-pdo-5.3.3-14.el6_3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.ppc64.rpm php-soap-5.3.3-14.el6_3.ppc64.rpm php-xml-5.3.3-14.el6_3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm

s390x: php-5.3.3-14.el6_3.s390x.rpm php-cli-5.3.3-14.el6_3.s390x.rpm php-common-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-gd-5.3.3-14.el6_3.s390x.rpm php-ldap-5.3.3-14.el6_3.s390x.rpm php-mysql-5.3.3-14.el6_3.s390x.rpm php-odbc-5.3.3-14.el6_3.s390x.rpm php-pdo-5.3.3-14.el6_3.s390x.rpm php-pgsql-5.3.3-14.el6_3.s390x.rpm php-soap-5.3.3-14.el6_3.s390x.rpm php-xml-5.3.3-14.el6_3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.s390x.rpm

x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm

ppc64: php-bcmath-5.3.3-14.el6_3.ppc64.rpm php-dba-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-devel-5.3.3-14.el6_3.ppc64.rpm php-embedded-5.3.3-14.el6_3.ppc64.rpm php-enchant-5.3.3-14.el6_3.ppc64.rpm php-imap-5.3.3-14.el6_3.ppc64.rpm php-intl-5.3.3-14.el6_3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.ppc64.rpm php-process-5.3.3-14.el6_3.ppc64.rpm php-pspell-5.3.3-14.el6_3.ppc64.rpm php-recode-5.3.3-14.el6_3.ppc64.rpm php-snmp-5.3.3-14.el6_3.ppc64.rpm php-tidy-5.3.3-14.el6_3.ppc64.rpm php-zts-5.3.3-14.el6_3.ppc64.rpm

s390x: php-bcmath-5.3.3-14.el6_3.s390x.rpm php-dba-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-devel-5.3.3-14.el6_3.s390x.rpm php-embedded-5.3.3-14.el6_3.s390x.rpm php-enchant-5.3.3-14.el6_3.s390x.rpm php-imap-5.3.3-14.el6_3.s390x.rpm php-intl-5.3.3-14.el6_3.s390x.rpm php-mbstring-5.3.3-14.el6_3.s390x.rpm php-process-5.3.3-14.el6_3.s390x.rpm php-pspell-5.3.3-14.el6_3.s390x.rpm php-recode-5.3.3-14.el6_3.s390x.rpm php-snmp-5.3.3-14.el6_3.s390x.rpm php-tidy-5.3.3-14.el6_3.s390x.rpm php-zts-5.3.3-14.el6_3.s390x.rpm

x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm

x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm

x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2010-2950.html https://www.redhat.com/security/data/cve/CVE-2011-4153.html https://www.redhat.com/security/data/cve/CVE-2012-0057.html https://www.redhat.com/security/data/cve/CVE-2012-0781.html https://www.redhat.com/security/data/cve/CVE-2012-0789.html https://www.redhat.com/security/data/cve/CVE-2012-1172.html https://www.redhat.com/security/data/cve/CVE-2012-2143.html https://www.redhat.com/security/data/cve/CVE-2012-2336.html https://www.redhat.com/security/data/cve/CVE-2012-2386.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2012-0546.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ1AR57OhwCeNCjP 5dEIaw64iUF1AYJgb6tOHK0= =KioB -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03839862

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03839862 Version: 1

HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-07-18 Last Updated: 2013-07-18

Potential Security Impact: Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain extended privileges, disclosure of information, unauthorized access, XSS

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS.

References: CVE-2011-3389 (SSRT100740) Remote disclosure of information CVE-2012-0883 (SSRT101209) Remote gain extended privileges CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS) CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS) CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS) CVE-2013-2355 (SSRT100696) Remote unauthorized Access CVE-2013-2356 (SSRT100835) Remote disclosure of information CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2361 (SSRT101007) XSS CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS) CVE-2013-2363 (SSRT101150) Remote disclosure of information CVE-2013-2364 (SSRT101151) XSS CVE-2013-5217 (SSRT101137) Remote unauthorized access

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2329 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2335 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2336 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2355 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-2356 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 CVE-2013-2357 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2358 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2359 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2360 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2361 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2362 (AV:L/AC:H/Au:S/C:N/I:N/A:P) 1.0 CVE-2013-2363 (AV:N/AC:H/Au:N/C:C/I:N/A:P) 6.1 CVE-2013-2364 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0 CVE-2013-5217 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks agix for working with the TippingPoint Zero Day Initiative to report vulnerability CVE-2013-2362 to security-alert@hp.com

RESOLUTION

HP has made System Management Homepage (SMH) v7.2.1 or subsequent available for Windows and Linux to resolve the vulnerabilities.

Information and updates for SMH can be found at the following location:

http://h18013.www1.hp.com/products/servers/management/agents/index.html

HISTORY Version:1 (rev.1) - 18 July 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


Problem Description:

A vulnerability has been found and corrected in php(-cgi):

PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The updated packages provides the latest version (5.3.13) which provides a solution to this flaw. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH JTVUFGYH3hR84ZM7EV65I9g= =hQaF -----END PGP SIGNATURE-----


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "2.0b10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.5.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server eus 6.1.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.3"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.3"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ctpview 7.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "lotus foundations start 1.2.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise linux eus 5.6.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "lotus foundations start 1.2.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "110"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "linux enterprise server for vmware sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0x64"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2008"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "8.6"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "lotus foundations start",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "De Eindbazen",
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-2336",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-209",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the \u0027T\u0027 case.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP is prone to an information-disclosure vulnerability. \nExploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. Please refer to the following Mandriva\n advisories for further information:\n MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,\n MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security update\nAdvisory ID:       RHSA-2012:1046-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1046.html\nIssue date:        2012-06-27\nCVE Names:         CVE-2010-2950 CVE-2011-4153 CVE-2012-0057 \n                   CVE-2012-0781 CVE-2012-0789 CVE-2012-1172 \n                   CVE-2012-2143 CVE-2012-2336 CVE-2012-2386 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw to\ncreate or overwrite an arbitrary file that is writable by the user running\nPHP, if a PHP script processed untrusted eXtensible Style Sheet Language\nTransformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration\ndirective, \"xsl.security_prefs\", can be used to enable file writing in\nXSLT. \n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to store\nthe uploaded file in an unexpected directory, by using a directory\ntraversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the PHP phar extension processed certain fields of\ntar archive files. A remote attacker could provide a specially-crafted tar\narchive file that, when processed by a PHP application using the phar\nextension, could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed\ncertain PHAR files. A remote attacker could provide a specially-crafted\nPHAR file, which once processed in a PHP application using the phar\nextension, could lead to information disclosure and possibly arbitrary code\nexecution via a crafted phar:// URI. (CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored when\ncalculating the hash, significantly reducing the password strength. \n(CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing\nDES hashing. Therefore, new hashes of the affected passwords will not match\nstored hashes generated using vulnerable PHP versions, and will need to be\nupdated. \n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line arguments. \nA specially-crafted request to a PHP script could cause the PHP interpreter\nto execute the script in a loop, or output usage information that triggers\nan Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote\nattacker could possibly use this flaw to cause excessive memory consumption\nby triggering many strtotime() function calls. (CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose()\nfunction. A remote attacker could use specially-crafted input to crash an\napplication that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function\u0027s return\nvalue in certain cases. A remote attacker could possibly use this flaw to\ncrash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters\nof CVE-2012-2143. \n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n782657 - CVE-2012-0057 php: XSLT file writing vulnerability\n782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS\n782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS\n783609 - CVE-2012-0789 php: strtotime timezone memory leak\n799187 - CVE-2012-1172 php: $_FILES array indexes corruption\n816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness\n820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h\n823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension\n835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\ni386:\nphp-5.3.3-14.el6_3.i686.rpm\nphp-bcmath-5.3.3-14.el6_3.i686.rpm\nphp-cli-5.3.3-14.el6_3.i686.rpm\nphp-common-5.3.3-14.el6_3.i686.rpm\nphp-dba-5.3.3-14.el6_3.i686.rpm\nphp-debuginfo-5.3.3-14.el6_3.i686.rpm\nphp-devel-5.3.3-14.el6_3.i686.rpm\nphp-embedded-5.3.3-14.el6_3.i686.rpm\nphp-enchant-5.3.3-14.el6_3.i686.rpm\nphp-gd-5.3.3-14.el6_3.i686.rpm\nphp-imap-5.3.3-14.el6_3.i686.rpm\nphp-intl-5.3.3-14.el6_3.i686.rpm\nphp-ldap-5.3.3-14.el6_3.i686.rpm\nphp-mbstring-5.3.3-14.el6_3.i686.rpm\nphp-mysql-5.3.3-14.el6_3.i686.rpm\nphp-odbc-5.3.3-14.el6_3.i686.rpm\nphp-pdo-5.3.3-14.el6_3.i686.rpm\nphp-pgsql-5.3.3-14.el6_3.i686.rpm\nphp-process-5.3.3-14.el6_3.i686.rpm\nphp-pspell-5.3.3-14.el6_3.i686.rpm\nphp-recode-5.3.3-14.el6_3.i686.rpm\nphp-snmp-5.3.3-14.el6_3.i686.rpm\nphp-soap-5.3.3-14.el6_3.i686.rpm\nphp-tidy-5.3.3-14.el6_3.i686.rpm\nphp-xml-5.3.3-14.el6_3.i686.rpm\nphp-xmlrpc-5.3.3-14.el6_3.i686.rpm\nphp-zts-5.3.3-14.el6_3.i686.rpm\n\nx86_64:\nphp-5.3.3-14.el6_3.x86_64.rpm\nphp-bcmath-5.3.3-14.el6_3.x86_64.rpm\nphp-cli-5.3.3-14.el6_3.x86_64.rpm\nphp-common-5.3.3-14.el6_3.x86_64.rpm\nphp-dba-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-devel-5.3.3-14.el6_3.x86_64.rpm\nphp-embedded-5.3.3-14.el6_3.x86_64.rpm\nphp-enchant-5.3.3-14.el6_3.x86_64.rpm\nphp-gd-5.3.3-14.el6_3.x86_64.rpm\nphp-imap-5.3.3-14.el6_3.x86_64.rpm\nphp-intl-5.3.3-14.el6_3.x86_64.rpm\nphp-ldap-5.3.3-14.el6_3.x86_64.rpm\nphp-mbstring-5.3.3-14.el6_3.x86_64.rpm\nphp-mysql-5.3.3-14.el6_3.x86_64.rpm\nphp-odbc-5.3.3-14.el6_3.x86_64.rpm\nphp-pdo-5.3.3-14.el6_3.x86_64.rpm\nphp-pgsql-5.3.3-14.el6_3.x86_64.rpm\nphp-process-5.3.3-14.el6_3.x86_64.rpm\nphp-pspell-5.3.3-14.el6_3.x86_64.rpm\nphp-recode-5.3.3-14.el6_3.x86_64.rpm\nphp-snmp-5.3.3-14.el6_3.x86_64.rpm\nphp-soap-5.3.3-14.el6_3.x86_64.rpm\nphp-tidy-5.3.3-14.el6_3.x86_64.rpm\nphp-xml-5.3.3-14.el6_3.x86_64.rpm\nphp-xmlrpc-5.3.3-14.el6_3.x86_64.rpm\nphp-zts-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\nx86_64:\nphp-cli-5.3.3-14.el6_3.x86_64.rpm\nphp-common-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\nx86_64:\nphp-5.3.3-14.el6_3.x86_64.rpm\nphp-bcmath-5.3.3-14.el6_3.x86_64.rpm\nphp-dba-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-devel-5.3.3-14.el6_3.x86_64.rpm\nphp-embedded-5.3.3-14.el6_3.x86_64.rpm\nphp-enchant-5.3.3-14.el6_3.x86_64.rpm\nphp-gd-5.3.3-14.el6_3.x86_64.rpm\nphp-imap-5.3.3-14.el6_3.x86_64.rpm\nphp-intl-5.3.3-14.el6_3.x86_64.rpm\nphp-ldap-5.3.3-14.el6_3.x86_64.rpm\nphp-mbstring-5.3.3-14.el6_3.x86_64.rpm\nphp-mysql-5.3.3-14.el6_3.x86_64.rpm\nphp-odbc-5.3.3-14.el6_3.x86_64.rpm\nphp-pdo-5.3.3-14.el6_3.x86_64.rpm\nphp-pgsql-5.3.3-14.el6_3.x86_64.rpm\nphp-process-5.3.3-14.el6_3.x86_64.rpm\nphp-pspell-5.3.3-14.el6_3.x86_64.rpm\nphp-recode-5.3.3-14.el6_3.x86_64.rpm\nphp-snmp-5.3.3-14.el6_3.x86_64.rpm\nphp-soap-5.3.3-14.el6_3.x86_64.rpm\nphp-tidy-5.3.3-14.el6_3.x86_64.rpm\nphp-xml-5.3.3-14.el6_3.x86_64.rpm\nphp-xmlrpc-5.3.3-14.el6_3.x86_64.rpm\nphp-zts-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\ni386:\nphp-5.3.3-14.el6_3.i686.rpm\nphp-cli-5.3.3-14.el6_3.i686.rpm\nphp-common-5.3.3-14.el6_3.i686.rpm\nphp-debuginfo-5.3.3-14.el6_3.i686.rpm\nphp-gd-5.3.3-14.el6_3.i686.rpm\nphp-ldap-5.3.3-14.el6_3.i686.rpm\nphp-mysql-5.3.3-14.el6_3.i686.rpm\nphp-odbc-5.3.3-14.el6_3.i686.rpm\nphp-pdo-5.3.3-14.el6_3.i686.rpm\nphp-pgsql-5.3.3-14.el6_3.i686.rpm\nphp-soap-5.3.3-14.el6_3.i686.rpm\nphp-xml-5.3.3-14.el6_3.i686.rpm\nphp-xmlrpc-5.3.3-14.el6_3.i686.rpm\n\nppc64:\nphp-5.3.3-14.el6_3.ppc64.rpm\nphp-cli-5.3.3-14.el6_3.ppc64.rpm\nphp-common-5.3.3-14.el6_3.ppc64.rpm\nphp-debuginfo-5.3.3-14.el6_3.ppc64.rpm\nphp-gd-5.3.3-14.el6_3.ppc64.rpm\nphp-ldap-5.3.3-14.el6_3.ppc64.rpm\nphp-mysql-5.3.3-14.el6_3.ppc64.rpm\nphp-odbc-5.3.3-14.el6_3.ppc64.rpm\nphp-pdo-5.3.3-14.el6_3.ppc64.rpm\nphp-pgsql-5.3.3-14.el6_3.ppc64.rpm\nphp-soap-5.3.3-14.el6_3.ppc64.rpm\nphp-xml-5.3.3-14.el6_3.ppc64.rpm\nphp-xmlrpc-5.3.3-14.el6_3.ppc64.rpm\n\ns390x:\nphp-5.3.3-14.el6_3.s390x.rpm\nphp-cli-5.3.3-14.el6_3.s390x.rpm\nphp-common-5.3.3-14.el6_3.s390x.rpm\nphp-debuginfo-5.3.3-14.el6_3.s390x.rpm\nphp-gd-5.3.3-14.el6_3.s390x.rpm\nphp-ldap-5.3.3-14.el6_3.s390x.rpm\nphp-mysql-5.3.3-14.el6_3.s390x.rpm\nphp-odbc-5.3.3-14.el6_3.s390x.rpm\nphp-pdo-5.3.3-14.el6_3.s390x.rpm\nphp-pgsql-5.3.3-14.el6_3.s390x.rpm\nphp-soap-5.3.3-14.el6_3.s390x.rpm\nphp-xml-5.3.3-14.el6_3.s390x.rpm\nphp-xmlrpc-5.3.3-14.el6_3.s390x.rpm\n\nx86_64:\nphp-5.3.3-14.el6_3.x86_64.rpm\nphp-cli-5.3.3-14.el6_3.x86_64.rpm\nphp-common-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-gd-5.3.3-14.el6_3.x86_64.rpm\nphp-ldap-5.3.3-14.el6_3.x86_64.rpm\nphp-mysql-5.3.3-14.el6_3.x86_64.rpm\nphp-odbc-5.3.3-14.el6_3.x86_64.rpm\nphp-pdo-5.3.3-14.el6_3.x86_64.rpm\nphp-pgsql-5.3.3-14.el6_3.x86_64.rpm\nphp-soap-5.3.3-14.el6_3.x86_64.rpm\nphp-xml-5.3.3-14.el6_3.x86_64.rpm\nphp-xmlrpc-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\ni386:\nphp-bcmath-5.3.3-14.el6_3.i686.rpm\nphp-dba-5.3.3-14.el6_3.i686.rpm\nphp-debuginfo-5.3.3-14.el6_3.i686.rpm\nphp-devel-5.3.3-14.el6_3.i686.rpm\nphp-embedded-5.3.3-14.el6_3.i686.rpm\nphp-enchant-5.3.3-14.el6_3.i686.rpm\nphp-imap-5.3.3-14.el6_3.i686.rpm\nphp-intl-5.3.3-14.el6_3.i686.rpm\nphp-mbstring-5.3.3-14.el6_3.i686.rpm\nphp-process-5.3.3-14.el6_3.i686.rpm\nphp-pspell-5.3.3-14.el6_3.i686.rpm\nphp-recode-5.3.3-14.el6_3.i686.rpm\nphp-snmp-5.3.3-14.el6_3.i686.rpm\nphp-tidy-5.3.3-14.el6_3.i686.rpm\nphp-zts-5.3.3-14.el6_3.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-14.el6_3.ppc64.rpm\nphp-dba-5.3.3-14.el6_3.ppc64.rpm\nphp-debuginfo-5.3.3-14.el6_3.ppc64.rpm\nphp-devel-5.3.3-14.el6_3.ppc64.rpm\nphp-embedded-5.3.3-14.el6_3.ppc64.rpm\nphp-enchant-5.3.3-14.el6_3.ppc64.rpm\nphp-imap-5.3.3-14.el6_3.ppc64.rpm\nphp-intl-5.3.3-14.el6_3.ppc64.rpm\nphp-mbstring-5.3.3-14.el6_3.ppc64.rpm\nphp-process-5.3.3-14.el6_3.ppc64.rpm\nphp-pspell-5.3.3-14.el6_3.ppc64.rpm\nphp-recode-5.3.3-14.el6_3.ppc64.rpm\nphp-snmp-5.3.3-14.el6_3.ppc64.rpm\nphp-tidy-5.3.3-14.el6_3.ppc64.rpm\nphp-zts-5.3.3-14.el6_3.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-14.el6_3.s390x.rpm\nphp-dba-5.3.3-14.el6_3.s390x.rpm\nphp-debuginfo-5.3.3-14.el6_3.s390x.rpm\nphp-devel-5.3.3-14.el6_3.s390x.rpm\nphp-embedded-5.3.3-14.el6_3.s390x.rpm\nphp-enchant-5.3.3-14.el6_3.s390x.rpm\nphp-imap-5.3.3-14.el6_3.s390x.rpm\nphp-intl-5.3.3-14.el6_3.s390x.rpm\nphp-mbstring-5.3.3-14.el6_3.s390x.rpm\nphp-process-5.3.3-14.el6_3.s390x.rpm\nphp-pspell-5.3.3-14.el6_3.s390x.rpm\nphp-recode-5.3.3-14.el6_3.s390x.rpm\nphp-snmp-5.3.3-14.el6_3.s390x.rpm\nphp-tidy-5.3.3-14.el6_3.s390x.rpm\nphp-zts-5.3.3-14.el6_3.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-14.el6_3.x86_64.rpm\nphp-dba-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-devel-5.3.3-14.el6_3.x86_64.rpm\nphp-embedded-5.3.3-14.el6_3.x86_64.rpm\nphp-enchant-5.3.3-14.el6_3.x86_64.rpm\nphp-imap-5.3.3-14.el6_3.x86_64.rpm\nphp-intl-5.3.3-14.el6_3.x86_64.rpm\nphp-mbstring-5.3.3-14.el6_3.x86_64.rpm\nphp-process-5.3.3-14.el6_3.x86_64.rpm\nphp-pspell-5.3.3-14.el6_3.x86_64.rpm\nphp-recode-5.3.3-14.el6_3.x86_64.rpm\nphp-snmp-5.3.3-14.el6_3.x86_64.rpm\nphp-tidy-5.3.3-14.el6_3.x86_64.rpm\nphp-zts-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\ni386:\nphp-5.3.3-14.el6_3.i686.rpm\nphp-cli-5.3.3-14.el6_3.i686.rpm\nphp-common-5.3.3-14.el6_3.i686.rpm\nphp-debuginfo-5.3.3-14.el6_3.i686.rpm\nphp-gd-5.3.3-14.el6_3.i686.rpm\nphp-ldap-5.3.3-14.el6_3.i686.rpm\nphp-mysql-5.3.3-14.el6_3.i686.rpm\nphp-odbc-5.3.3-14.el6_3.i686.rpm\nphp-pdo-5.3.3-14.el6_3.i686.rpm\nphp-pgsql-5.3.3-14.el6_3.i686.rpm\nphp-soap-5.3.3-14.el6_3.i686.rpm\nphp-xml-5.3.3-14.el6_3.i686.rpm\nphp-xmlrpc-5.3.3-14.el6_3.i686.rpm\n\nx86_64:\nphp-5.3.3-14.el6_3.x86_64.rpm\nphp-cli-5.3.3-14.el6_3.x86_64.rpm\nphp-common-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-gd-5.3.3-14.el6_3.x86_64.rpm\nphp-ldap-5.3.3-14.el6_3.x86_64.rpm\nphp-mysql-5.3.3-14.el6_3.x86_64.rpm\nphp-odbc-5.3.3-14.el6_3.x86_64.rpm\nphp-pdo-5.3.3-14.el6_3.x86_64.rpm\nphp-pgsql-5.3.3-14.el6_3.x86_64.rpm\nphp-soap-5.3.3-14.el6_3.x86_64.rpm\nphp-xml-5.3.3-14.el6_3.x86_64.rpm\nphp-xmlrpc-5.3.3-14.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm\n\ni386:\nphp-bcmath-5.3.3-14.el6_3.i686.rpm\nphp-dba-5.3.3-14.el6_3.i686.rpm\nphp-debuginfo-5.3.3-14.el6_3.i686.rpm\nphp-devel-5.3.3-14.el6_3.i686.rpm\nphp-embedded-5.3.3-14.el6_3.i686.rpm\nphp-enchant-5.3.3-14.el6_3.i686.rpm\nphp-imap-5.3.3-14.el6_3.i686.rpm\nphp-intl-5.3.3-14.el6_3.i686.rpm\nphp-mbstring-5.3.3-14.el6_3.i686.rpm\nphp-process-5.3.3-14.el6_3.i686.rpm\nphp-pspell-5.3.3-14.el6_3.i686.rpm\nphp-recode-5.3.3-14.el6_3.i686.rpm\nphp-snmp-5.3.3-14.el6_3.i686.rpm\nphp-tidy-5.3.3-14.el6_3.i686.rpm\nphp-zts-5.3.3-14.el6_3.i686.rpm\n\nx86_64:\nphp-bcmath-5.3.3-14.el6_3.x86_64.rpm\nphp-dba-5.3.3-14.el6_3.x86_64.rpm\nphp-debuginfo-5.3.3-14.el6_3.x86_64.rpm\nphp-devel-5.3.3-14.el6_3.x86_64.rpm\nphp-embedded-5.3.3-14.el6_3.x86_64.rpm\nphp-enchant-5.3.3-14.el6_3.x86_64.rpm\nphp-imap-5.3.3-14.el6_3.x86_64.rpm\nphp-intl-5.3.3-14.el6_3.x86_64.rpm\nphp-mbstring-5.3.3-14.el6_3.x86_64.rpm\nphp-process-5.3.3-14.el6_3.x86_64.rpm\nphp-pspell-5.3.3-14.el6_3.x86_64.rpm\nphp-recode-5.3.3-14.el6_3.x86_64.rpm\nphp-snmp-5.3.3-14.el6_3.x86_64.rpm\nphp-tidy-5.3.3-14.el6_3.x86_64.rpm\nphp-zts-5.3.3-14.el6_3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-2950.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4153.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0057.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0781.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0789.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1172.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-2143.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-2336.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-2386.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2012-0546.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ1AR57OhwCeNCjP\n5dEIaw64iUF1AYJgb6tOHK0=\n=KioB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03839862\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03839862\nVersion: 1\n\nHPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and\nWindows, Multiple Remote and Local Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-07-18\nLast Updated: 2013-07-18\n\nPotential Security Impact: Local Denial of Service (DoS), remote Denial of\nService (DoS), execution of arbitrary code, gain extended privileges,\ndisclosure of information, unauthorized access, XSS\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Local Denial of Service (DoS),\nremote Denial of Service (DoS), execution of arbitrary code, gain privileges,\ndisclosure of information, unauthorized access, or XSS. \n\nReferences:\nCVE-2011-3389 (SSRT100740) Remote disclosure of information\nCVE-2012-0883 (SSRT101209) Remote gain extended privileges\nCVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS)\nCVE-2012-2311 (SSRT100992) Remote execution of arbitrary code\nCVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS)\nCVE-2012-2335 (SSRT100992) Remote execution of arbitrary code\nCVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS)\nCVE-2013-2355 (SSRT100696) Remote unauthorized Access\nCVE-2013-2356 (SSRT100835) Remote disclosure of information\nCVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2361 (SSRT101007) XSS\nCVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS)\nCVE-2013-2363 (SSRT101150) Remote disclosure of information\nCVE-2013-2364 (SSRT101151) XSS\nCVE-2013-5217 (SSRT101137) Remote unauthorized access\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3389    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2012-0883    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9\nCVE-2012-2110    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2311    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2329    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-2335    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2336    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2013-2355    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2013-2356    (AV:N/AC:L/Au:N/C:C/I:N/A:N)       7.8\nCVE-2013-2357    (AV:N/AC:M/Au:S/C:N/I:N/A:C)       6.3\nCVE-2013-2358    (AV:N/AC:M/Au:S/C:N/I:N/A:C)       6.3\nCVE-2013-2359    (AV:N/AC:M/Au:S/C:N/I:N/A:P)       3.5\nCVE-2013-2360    (AV:N/AC:M/Au:S/C:N/I:N/A:P)       3.5\nCVE-2013-2361    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-2362    (AV:L/AC:H/Au:S/C:N/I:N/A:P)       1.0\nCVE-2013-2363    (AV:N/AC:H/Au:N/C:C/I:N/A:P)       6.1\nCVE-2013-2364    (AV:N/AC:L/Au:S/C:N/I:N/A:P)       4.0\nCVE-2013-5217    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks agix for working with the TippingPoint\nZero Day Initiative to report vulnerability CVE-2013-2362 to\nsecurity-alert@hp.com\n\nRESOLUTION\n\nHP has made System Management Homepage (SMH) v7.2.1 or subsequent available\nfor Windows and Linux to resolve the vulnerabilities. \n\nInformation and updates for SMH can be found at the following location:\n\nhttp://h18013.www1.hp.com/products/servers/management/agents/index.html\n\nHISTORY\nVersion:1 (rev.1) - 18 July 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n _______________________________________________________________________\n\n Problem Description:\n\n A vulnerability has been found and corrected in php(-cgi):\n \n PHP-CGI-based setups contain a vulnerability when parsing query string\n parameters from php files. The\n updated packages provides the latest version (5.3.13) which provides\n a solution to this flaw.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH\nJTVUFGYH3hR84ZM7EV65I9g=\n=hQaF\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2336",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "49014",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10658",
        "trust": 0.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#520827",
        "trust": 0.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#673343",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "53388",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "123310",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112598",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114261",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122468",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114259",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114260",
        "trust": 0.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2012/05/09/9",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112597",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122482",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "id": "VAR-201205-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47077376
  },
  "last_update_date": "2024-07-23T22:18:38.885000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43186"
      },
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43185"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
      },
      {
        "trust": 1.6,
        "url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cve-2012-1823.patch\u0026revision=1336251592\u0026display=1"
      },
      {
        "trust": 1.6,
        "url": "http://www.php.net/changelog-5.php#5.4.3"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/49014"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2012:1047"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820708"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2012:1045"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2012:1046"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2012-2336"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
      },
      {
        "trust": 0.4,
        "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
      },
      {
        "trust": 0.3,
        "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/lotus/products/foundations/start/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/113818"
      },
      {
        "trust": 0.3,
        "url": "kb.parallels.com/en/116241"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/thread/5174"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2013/jun/21"
      },
      {
        "trust": 0.3,
        "url": "http://ompldr.org/vzgxxaq"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100162699"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100165255"
      },
      {
        "trust": 0.3,
        "url": "http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
      },
      {
        "trust": 0.3,
        "url": "http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/673343"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/520827"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.3,
        "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0057.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2336.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-4153.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1172.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/knowledge/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0789"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0789.html"
      },
      {
        "trust": 0.3,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5217"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2336"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2335"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2143.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-2950.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
      },
      {
        "trust": 0.2,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0546.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-2386.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4821"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1938"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdva-2012:004"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:166"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3267"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3268"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:165"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:065"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3182"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3268"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0807"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1172"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3267"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1657"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:197"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:180"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-0781.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1046.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5217"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0547.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1047.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-1045.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.openwall.com/lists/oss-security/2012/05/09/9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-04T00:00:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2013-09-19T22:22:00",
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "date": "2012-05-10T15:28:01",
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "date": "2012-06-28T03:31:36",
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "date": "2013-07-18T18:51:07",
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "date": "2012-06-28T03:31:01",
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "date": "2012-06-28T03:31:24",
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "date": "2012-05-10T15:26:54",
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "date": "2013-07-19T19:33:00",
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "date": "2012-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "date": "2012-05-11T10:15:48.527000",
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T22:15:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2023-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      },
      {
        "date": "2023-11-07T02:10:30.727000",
        "db": "NVD",
        "id": "CVE-2012-2336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Input validation error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-209"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "114261"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "114259"
      },
      {
        "db": "PACKETSTORM",
        "id": "114260"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      }
    ],
    "trust": 0.7
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.