NVD

Id
42881  
Name
CVE-2012-0807  
Description
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-01-26  
Modified Date
2012-06-27  
Seq
2012-0807  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
215751 42881 CVE-2012-0807 20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow  View
215752 42881 CVE-2012-0807 openSUSE-SU-2012:0426  View
215753 42881 CVE-2012-0807 [oss-security] 20120124 Re: CVE requests: Suhosin extension / as31  View
215754 42881 CVE-2012-0807 [oss-security] 20120124 CVE requests: Suhosin extension / as31  View
215755 42881 CVE-2012-0807 https://bugzilla.redhat.com/show_bug.cgi?id=783350  View
215756 42881 CVE-2012-0807 https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25521 JVNDB-2012-001228 PHP 用 Suhosin におけるスタックベースのバッファオーバフローの脆弱性 PHP 用 Suhosin の透過的 Cookie 暗号化機能の suhosin_encrypt_single_cookie 関数には、suhosin.cookie.encrypt および suhosin.multiheader が有効な際、スタックベースのバッファオーバフローの脆弱性が存在します。 CVE-2012-0807 54045 CVE-2012-0807 42881 5.1 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001228.html 2012-01-27 2012-01-30 View