oss-sec mailing list archives
CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 08 Mar 2012 13:56:26 -0700
Just looking through http://www.php.net/ChangeLog-5.php#5.4.0 Fixed bug #55500 (Corrupted $_FILES indices lead to security concern). https://bugs.php.net/bug.php?id=55500 (still locked) But the blog posting: https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ has details and it appears to be a security issue. I have emailed security () php net twice, no response in a week so I'm sending the request to OSS-sec. -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
- Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
- Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Huzaifa Sidhpurwala (Mar 13)