CVE-2012-0830

Published: 06/02/2012 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote malicious users to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Vulnerable Product

php php 5.3.9

Vendor Advisories

Synopsis: Critical: php53 security update. Type/Severity: Security Advisory: Critical. Topic: Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scor ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability ...
Multiple vulnerabilities in PHP ...
USN 1358-1 introduced a regression in PHP ...
It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code ...

Exploits

<?php /* This script generates a POST header that makes PHP 5.4.0RC6 *64 bit* try to execute code at 0x1111111111111111. (C) Copyright 2012 Stefan Esser. PHP 5.3.9 requires you to know the address of a writable address filled with NULL. 32bit requires you to create a fake 32bit Hashtable instead of a 64bit one. Because this vulnerabil ...