PHP PHP-CGI QUERY_STRING Parameter Vulnerability

ID: IRCAD2012051897
Release Date: 2012-05-04
Criticality level: Highly critical
 
Software:
PHP 5.3.x
PHP 5.4.x
 
Description:
De Eindbazen has reported a vulnerability in PHP, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.
The vulnerability is caused by an error when parsing certain QUERY_STRING parameters. This can be exploited to, for example, disclose the PHP source code or execute arbitrary code.
The vulnerability is reported in versions 5.3.12 and prior and versions 5.4.2 and prior.
 
Solution:
Apply patch or workaround.
 
References:
PHP:
De Eindbazen:
US-CERT VU#520827:
 
Secunia:
 

 
Date created: 16 Ordibehesht 1391
