CVE-2012-0830 - The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to exe

CVE-2012-0830

Summary

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

References

Vulnerable Configurations

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 13-02-2023 - 03:26)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	786686
title	CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment php53 is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092001
comment php53 is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196002
AND
comment php53-bcmath is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092003
comment php53-bcmath is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196004
AND
comment php53-cli is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092005
comment php53-cli is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196006
AND
comment php53-common is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092007
comment php53-common is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196008
AND
comment php53-dba is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092009
comment php53-dba is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196010
AND
comment php53-devel is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092011
comment php53-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196012
AND
comment php53-gd is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092013
comment php53-gd is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196014
AND
comment php53-imap is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092015
comment php53-imap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196016
AND
comment php53-intl is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092017
comment php53-intl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196018
AND
comment php53-ldap is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092019
comment php53-ldap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196020

AND

comment php53-mbstring is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092021
comment php53-mbstring is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196022

AND
comment php53-mysql is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092023
comment php53-mysql is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196024
AND
comment php53-odbc is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092025
comment php53-odbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196026
AND
comment php53-pdo is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092027
comment php53-pdo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196028
AND
comment php53-pgsql is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092029
comment php53-pgsql is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196030

AND

comment php53-process is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092031
comment php53-process is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196032

AND
comment php53-pspell is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092033
comment php53-pspell is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196034
AND
comment php53-snmp is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092035
comment php53-snmp is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196036
AND
comment php53-soap is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092037
comment php53-soap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196038
AND
comment php53-xml is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092039
comment php53-xml is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196040
AND
comment php53-xmlrpc is earlier than 0:5.3.3-1.el5_7.6
oval oval:com.redhat.rhsa:tst:20120092041
comment php53-xmlrpc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110196042

rhsa

id	RHSA-2012:0092
released	2012-02-02
severity	Critical
title	RHSA-2012:0092: php53 security update (Critical)

bugzilla

id	786686
title	CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment php is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093001
comment php is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276002
AND
comment php-devel is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093003
comment php-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276004
AND
comment php-domxml is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093005
comment php-domxml is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276006
AND
comment php-gd is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093007
comment php-gd is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276008
AND
comment php-imap is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093009
comment php-imap is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276010
AND
comment php-ldap is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093011
comment php-ldap is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276012
AND
comment php-mbstring is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093013
comment php-mbstring is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276014
AND
comment php-mysql is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093015
comment php-mysql is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276016
AND
comment php-ncurses is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093017
comment php-ncurses is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276018
AND
comment php-odbc is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093019
comment php-odbc is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276020
AND
comment php-pear is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093021
comment php-pear is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276022
AND
comment php-pgsql is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093023
comment php-pgsql is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276024
AND
comment php-snmp is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093025
comment php-snmp is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276026
AND
comment php-xmlrpc is earlier than 0:4.3.9-3.36
oval oval:com.redhat.rhsa:tst:20120093027
comment php-xmlrpc is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060276028

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment php is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093030
comment php is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082002
AND
comment php-bcmath is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093032
comment php-bcmath is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082004
AND
comment php-cli is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093034
comment php-cli is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082006
AND
comment php-common is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093036
comment php-common is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082008
AND
comment php-dba is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093038
comment php-dba is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082010
AND
comment php-devel is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093040
comment php-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082012
AND
comment php-gd is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093042
comment php-gd is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082014
AND
comment php-imap is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093044
comment php-imap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082016
AND
comment php-ldap is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093046
comment php-ldap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082018

AND

comment php-mbstring is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093048
comment php-mbstring is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082020

AND
comment php-mysql is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093050
comment php-mysql is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082022
AND
comment php-ncurses is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093052
comment php-ncurses is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082024
AND
comment php-odbc is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093054
comment php-odbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082026
AND
comment php-pdo is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093056
comment php-pdo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082028
AND
comment php-pgsql is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093058
comment php-pgsql is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082030
AND
comment php-snmp is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093060
comment php-snmp is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082032
AND
comment php-soap is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093062
comment php-soap is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082034
AND
comment php-xml is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093064
comment php-xml is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082036
AND
comment php-xmlrpc is earlier than 0:5.1.6-27.el5_7.5
oval oval:com.redhat.rhsa:tst:20120093066
comment php-xmlrpc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070082038

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment php is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093069
comment php is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195002
AND
comment php-bcmath is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093071
comment php-bcmath is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195004
AND
comment php-cli is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093073
comment php-cli is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195006
AND
comment php-common is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093075
comment php-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195008
AND
comment php-dba is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093077
comment php-dba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195010
AND
comment php-devel is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093079
comment php-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195012

AND

comment php-embedded is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093081
comment php-embedded is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195014

AND
comment php-enchant is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093083
comment php-enchant is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195016
AND
comment php-gd is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093085
comment php-gd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195018
AND
comment php-imap is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093087
comment php-imap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195020
AND
comment php-intl is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093089
comment php-intl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195022
AND
comment php-ldap is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093091
comment php-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195024

AND

comment php-mbstring is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093093
comment php-mbstring is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195026

AND
comment php-mysql is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093095
comment php-mysql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195028
AND
comment php-odbc is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093097
comment php-odbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195030
AND
comment php-pdo is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093099
comment php-pdo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195032
AND
comment php-pgsql is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093101
comment php-pgsql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195034
AND
comment php-process is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093103
comment php-process is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195036
AND
comment php-pspell is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093105
comment php-pspell is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195038
AND
comment php-recode is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093107
comment php-recode is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195040
AND
comment php-snmp is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093109
comment php-snmp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195042
AND
comment php-soap is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093111
comment php-soap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195044
AND
comment php-tidy is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093113
comment php-tidy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195046
AND
comment php-xml is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093115
comment php-xml is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195048
AND
comment php-xmlrpc is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093117
comment php-xmlrpc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195050
AND
comment php-zts is earlier than 0:5.3.3-3.el6_2.6
oval oval:com.redhat.rhsa:tst:20120093119
comment php-zts is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110195052

rhsa

id	RHSA-2012:0093
released	2012-02-02
severity	Critical
title	RHSA-2012:0093: php security update (Critical)

rpms

php53-0:5.3.3-1.el5_7.6
php53-bcmath-0:5.3.3-1.el5_7.6
php53-cli-0:5.3.3-1.el5_7.6
php53-common-0:5.3.3-1.el5_7.6
php53-dba-0:5.3.3-1.el5_7.6
php53-debuginfo-0:5.3.3-1.el5_7.6
php53-devel-0:5.3.3-1.el5_7.6
php53-gd-0:5.3.3-1.el5_7.6
php53-imap-0:5.3.3-1.el5_7.6
php53-intl-0:5.3.3-1.el5_7.6
php53-ldap-0:5.3.3-1.el5_7.6
php53-mbstring-0:5.3.3-1.el5_7.6
php53-mysql-0:5.3.3-1.el5_7.6
php53-odbc-0:5.3.3-1.el5_7.6
php53-pdo-0:5.3.3-1.el5_7.6
php53-pgsql-0:5.3.3-1.el5_7.6
php53-process-0:5.3.3-1.el5_7.6
php53-pspell-0:5.3.3-1.el5_7.6
php53-snmp-0:5.3.3-1.el5_7.6
php53-soap-0:5.3.3-1.el5_7.6
php53-xml-0:5.3.3-1.el5_7.6
php53-xmlrpc-0:5.3.3-1.el5_7.6
php-0:4.3.9-3.36
php-0:5.1.6-27.el5_7.5
php-0:5.3.3-3.el6_2.6
php-bcmath-0:5.1.6-27.el5_7.5
php-bcmath-0:5.3.3-3.el6_2.6
php-cli-0:5.1.6-27.el5_7.5
php-cli-0:5.3.3-3.el6_2.6
php-common-0:5.1.6-27.el5_7.5
php-common-0:5.3.3-3.el6_2.6
php-dba-0:5.1.6-27.el5_7.5
php-dba-0:5.3.3-3.el6_2.6
php-debuginfo-0:4.3.9-3.36
php-debuginfo-0:5.1.6-27.el5_7.5
php-debuginfo-0:5.3.3-3.el6_2.6
php-devel-0:4.3.9-3.36
php-devel-0:5.1.6-27.el5_7.5
php-devel-0:5.3.3-3.el6_2.6
php-domxml-0:4.3.9-3.36
php-embedded-0:5.3.3-3.el6_2.6
php-enchant-0:5.3.3-3.el6_2.6
php-gd-0:4.3.9-3.36
php-gd-0:5.1.6-27.el5_7.5
php-gd-0:5.3.3-3.el6_2.6
php-imap-0:4.3.9-3.36
php-imap-0:5.1.6-27.el5_7.5
php-imap-0:5.3.3-3.el6_2.6
php-intl-0:5.3.3-3.el6_2.6
php-ldap-0:4.3.9-3.36
php-ldap-0:5.1.6-27.el5_7.5
php-ldap-0:5.3.3-3.el6_2.6
php-mbstring-0:4.3.9-3.36
php-mbstring-0:5.1.6-27.el5_7.5
php-mbstring-0:5.3.3-3.el6_2.6
php-mysql-0:4.3.9-3.36
php-mysql-0:5.1.6-27.el5_7.5
php-mysql-0:5.3.3-3.el6_2.6
php-ncurses-0:4.3.9-3.36
php-ncurses-0:5.1.6-27.el5_7.5
php-odbc-0:4.3.9-3.36
php-odbc-0:5.1.6-27.el5_7.5
php-odbc-0:5.3.3-3.el6_2.6
php-pdo-0:5.1.6-27.el5_7.5
php-pdo-0:5.3.3-3.el6_2.6
php-pear-0:4.3.9-3.36
php-pgsql-0:4.3.9-3.36
php-pgsql-0:5.1.6-27.el5_7.5
php-pgsql-0:5.3.3-3.el6_2.6
php-process-0:5.3.3-3.el6_2.6
php-pspell-0:5.3.3-3.el6_2.6
php-recode-0:5.3.3-3.el6_2.6
php-snmp-0:4.3.9-3.36
php-snmp-0:5.1.6-27.el5_7.5
php-snmp-0:5.3.3-3.el6_2.6
php-soap-0:5.1.6-27.el5_7.5
php-soap-0:5.3.3-3.el6_2.6
php-tidy-0:5.3.3-3.el6_2.6
php-xml-0:5.1.6-27.el5_7.5
php-xml-0:5.3.3-3.el6_2.6
php-xmlrpc-0:4.3.9-3.36
php-xmlrpc-0:5.1.6-27.el5_7.5
php-xmlrpc-0:5.3.3-3.el6_2.6
php-zts-0:5.3.3-3.el6_2.6

refmap via4

apple	APPLE-SA-2012-05-09-1
bid	51830
confirm	http://support.apple.com/kb/HT5281 http://svn.php.net/viewvc?view=revision&revision=323007 http://www.php.net/ChangeLog-5.php#5.3.10
debian	DSA-2403
hp	HPSBMU02786 HPSBUX02791 SSRT100856 SSRT100877
misc	http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html https://gist.github.com/1725489
mlist	[oss-security] 20120202 PHP remote code execution introduced via HashDoS fix [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix
osvdb	78819
sectrack	1026631
secunia	47801 47806 47813 48668
suse	SUSE-SU-2012:0411 openSUSE-SU-2012:0426
xf	php-phpregistervariableex-code-exec(72911)

Last major update

13-02-2023 - 03:26

Published

06-02-2012 - 20:55

Last modified

13-02-2023 - 03:26