NVD

Id
43179  
Name
CVE-2012-1172  
Description
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-05-23  
Modified Date
2012-09-21  
Seq
2012-1172  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
217383 43179 CVE-2012-1172 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/  View
217384 43179 CVE-2012-1172 APPLE-SA-2012-09-19-2  View
217385 43179 CVE-2012-1172 FEDORA-2012-6911  View
217386 43179 CVE-2012-1172 FEDORA-2012-6907  View
217387 43179 CVE-2012-1172 FEDORA-2012-6869  View
217388 43179 CVE-2012-1172 SSRT100856  View
217389 43179 CVE-2012-1172 [oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern  View
217390 43179 CVE-2012-1172 http://support.apple.com/kb/HT5501  View
217391 43179 CVE-2012-1172 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664  View
217392 43179 CVE-2012-1172 http://svn.php.net/viewvc?view=revision&revision=321664  View
217393 43179 CVE-2012-1172 http://www.php.net/ChangeLog-5.php#5.4.0  View
217394 43179 CVE-2012-1172 https://bugs.php.net/bug.php?id=48597  View
217395 43179 CVE-2012-1172 https://bugs.php.net/bug.php?id=49683  View
217396 43179 CVE-2012-1172 https://bugs.php.net/bug.php?id=54374  View
217397 43179 CVE-2012-1172 https://bugs.php.net/bug.php?id=55500  View
217398 43179 CVE-2012-1172 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/  View
217399 43179 CVE-2012-1172 https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26805 JVNDB-2012-002512 PHP のファイルアップロードの実装におけるサービス運用妨害 (DoS) の脆弱性 PHP の rfc1867.c 内のファイルアップロードの実装は、name 値に含まれる無効な [ (始め角括弧) の文字を適切に処理しないため、サービス運用妨害 (不正な $_FILES のインデックス) 状態となる、または複数のファイルがアップロードされる際に、ディレクトリトラバーサル攻撃を実行される脆弱性が存在します。 CVE-2012-1172 54410 CVE-2012-1172 43179 5.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002512.html 2012-03-01 2013-12-02 View