Web application abuses : PHP Multiple Vulnerabilities - 01 (Mar 2013)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803341

Categoría: Web application abuses

Título: PHP Multiple Vulnerabilities - 01 (Mar 2013) - Windows

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Flaw due to insufficient validation of file-upload implementation in
rfc1867.c and it does not handle invalid '[' characters in name values.

Vulnerability Impact:
Successful exploitation will allow attackers to retrieve, corrupt or upload
arbitrary files, or can cause denial of service via corrupted $_FILES indexes.

Affected Software/OS:
PHP version before 5.4.0

Solution:
Update to PHP 5.4.0 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1172
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Debian Security Information: DSA-2465 (Google Search)
http://www.debian.org/security/2012/dsa-2465
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
https://bugs.php.net/bug.php?id=48597
https://bugs.php.net/bug.php?id=49683
https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
http://openwall.com/lists/oss-security/2012/03/13/4
SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803341
Categoría:	Web application abuses
Título:	PHP Multiple Vulnerabilities - 01 (Mar 2013) - Windows
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Flaw due to insufficient validation of file-upload implementation in rfc1867.c and it does not handle invalid '[' characters in name values. Vulnerability Impact: Successful exploitation will allow attackers to retrieve, corrupt or upload arbitrary files, or can cause denial of service via corrupted $_FILES indexes. Affected Software/OS: PHP version before 5.4.0 Solution: Update to PHP 5.4.0 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Copyright	Copyright (C) 2013 Greenbone AG