Oval Definition:oval:org.mitre.oval:def:23278
Revision Date:2014-05-26Version:32
Title:ELSA-2012:1045: php security update (Moderate)
Description:sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2011-4153
CVE-2012-0057
CVE-2012-0789
CVE-2012-1172
CVE-2012-2336
ELSA-2012:1045-00
Platform(s):Oracle Linux 5
Product(s):php
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • php-ncurses is earlier than 0:5.1.6-39.el5_8
  • OR php-gd is earlier than 0:5.1.6-39.el5_8
  • OR php is earlier than 0:5.1.6-39.el5_8
  • OR php-ldap is earlier than 0:5.1.6-39.el5_8
  • OR php-xmlrpc is earlier than 0:5.1.6-39.el5_8
  • OR php-mbstring is earlier than 0:5.1.6-39.el5_8
  • OR php-cli is earlier than 0:5.1.6-39.el5_8
  • OR php-mysql is earlier than 0:5.1.6-39.el5_8
  • OR php-devel is earlier than 0:5.1.6-39.el5_8
  • OR php-dba is earlier than 0:5.1.6-39.el5_8
  • OR php-xml is earlier than 0:5.1.6-39.el5_8
  • OR php-odbc is earlier than 0:5.1.6-39.el5_8
  • OR php-snmp is earlier than 0:5.1.6-39.el5_8
  • OR php-common is earlier than 0:5.1.6-39.el5_8
  • OR php-imap is earlier than 0:5.1.6-39.el5_8
  • OR php-soap is earlier than 0:5.1.6-39.el5_8
  • OR php-pgsql is earlier than 0:5.1.6-39.el5_8
  • OR php-pdo is earlier than 0:5.1.6-39.el5_8
  • OR php-bcmath is earlier than 0:5.1.6-39.el5_8
    • BACK