OVAL Reference oval:org.mitre.oval:def:19846

Oval Definition:

oval:org.mitre.oval:def:19846

Revision Date:	2015-04-20	Version:	29
Title:	HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
Description:	The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2012-1172
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis
Criteria meets HP Security Bulletin HPSBUX02791 HP-UX B.11.11 AND filesets tests hpuxwsAPACHE.APACHE version is less than B.2.0.64.04 OR hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.04 OR hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.04 OR hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.04 OR hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.04 OR hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.04 OR hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.04 OR hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.04 OR hpuxwsAPACHE.PHP version is less than B.2.0.64.04 OR hpuxwsAPACHE.PHP2 version is less than B.2.0.64.04 OR hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.04 OR Criteria meets HP Security Bulletin HPSBUX02791 HP-UX B.11.23 AND filesets tests hpuxws22APCH32.APACHE version is less than B.2.2.15.13 OR hpuxws22APCH32.APACHE2 version is less than B.2.2.15.13 OR hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.13 OR hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_JK version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.13 OR hpuxws22APCH32.PHP version is less than B.2.2.15.13 OR hpuxws22APCH32.PHP2 version is less than B.2.2.15.13 OR hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.13 OR hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.15.13 OR hpuxws22APACHE.APACHE version is less than B.2.2.15.13 OR hpuxws22APACHE.APACHE2 version is less than B.2.2.15.13 OR hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.15.13 OR hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_JK version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_JK2 version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_PERL version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.15.13 OR hpuxws22APACHE.PHP version is less than B.2.2.15.13 OR hpuxws22APACHE.PHP2 version is less than B.2.2.15.13 OR hpuxws22APACHE.WEBPROXY version is less than B.2.2.15.13 OR hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.15.13 OR Criteria meets HP Security Bulletin HPSBUX02791 HP-UX B.11.31 AND filesets tests hpuxws22APCH32.APACHE version is less than B.2.2.15.13 OR hpuxws22APCH32.APACHE2 version is less than B.2.2.15.13 OR hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.13 OR hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_JK version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.13 OR hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.13 OR hpuxws22APCH32.PHP version is less than B.2.2.15.13 OR hpuxws22APCH32.PHP2 version is less than B.2.2.15.13 OR hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.13 OR hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.15.13 OR hpuxws22APACHE.APACHE version is less than B.2.2.15.13 OR hpuxws22APACHE.APACHE2 version is less than B.2.2.15.13 OR hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.15.13 OR hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_JK version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_JK2 version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_PERL version is less than B.2.2.15.13 OR hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.15.13 OR hpuxws22APACHE.PHP version is less than B.2.2.15.13 OR hpuxws22APACHE.PHP2 version is less than B.2.2.15.13 OR hpuxws22APACHE.WEBPROXY version is less than B.2.2.15.13 OR hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.15.13

BACK