oss-sec mailing list archives

PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)


From: Solar Designer <solar () openwall com>
Date: Sat, 5 May 2012 00:22:19 +0400

Hi,

I guess most of you have heard of this one already, yet it should be in
here as well.  The original issue was tracked as CERT VU#520827,
CVE-2012-1823.  PHP 5.4.2 and 5.3.12 were released with an incomplete
fix, and apparently CVE-2012-2311 refers to that incomplete fix issue.

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://www.php-security.net/archives/11-Mitigation-for-CVE-2012-1823-CVE-2012-2311.html
http://www.kb.cert.org/vuls/id/520827
http://www.reddit.com/r/PHP/comments/t3pr8/how_serious_is_this/
http://www.reddit.com/r/netsec/comments/t4lxw/phpcgi_query_string_parameter_vulnerability_leads/
http://www.metasploitminute.com/2012/05/cve-2012-1823-php-cgi-bug.html
http://www.opennet.ru/opennews/art.shtml?num=33765 (in Russian)

Alexander

