Vulnerability Details : CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Vulnerability category: Directory traversal, Input validation, Denial of service
Products affected by CVE-2012-1172
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*
Threat overview for CVE-2012-1172
Top countries where our scanners detected CVE-2012-1172
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2012-1172: 200,194
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-1172
2.57%: probability of exploitation activity in the next 30 days
~90%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2012-1172
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1172
- https://bugs.php.net/bug.php?id=54374
  PHP :: Bug #54374 :: Insufficient validating of upload name leading to corrupted $_FILES indices [Exploit]
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
  Apple - Lists.apple.com
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
  [security-announce] SUSE-SU-2012:0598-1: critical: Security update for P
- http://openwall.com/lists/oss-security/2012/03/13/4
  oss-security - Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664
  PHP: Diff of /php/php-src/branches/PHP_5_4/main/rfc1867.c [Patch]
- https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
  Directory Traversal via PHP Multi-File Uploads » Neal Poole [Exploit]
- https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
  [Exploit]
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
  [security-announce] SUSE-SU-2012:0604-1: critical: Security update for P
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
  [SECURITY] Fedora 15 Update: php-5.3.11-1.fc15
- http://marc.info/?l=bugtraq&m=134012830914727&w=2
  '[security bulletin] HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execu' - MARC
- http://svn.php.net/viewvc?view=revision&revision=321664
  PHP: Revision 321664
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
  [SECURITY] Fedora 17 Update: php-5.4.1-1.fc17
- http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
  [Exploit]
- https://bugs.php.net/bug.php?id=48597
  PHP :: Bug #48597 :: Unclosed array keys break space escaping in $_GET/POST/REQUEST [Exploit]
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
  [SECURITY] Fedora 16 Update: php-5.3.11-1.fc16
- https://bugs.php.net/bug.php?id=49683
  PHP :: Bug #49683 :: $_FILES overwrite
- https://bugs.php.net/bug.php?id=55500
  PHP :: You must be logged in
- http://support.apple.com/kb/HT5501
  About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 - Apple Support
- http://www.php.net/ChangeLog-5.php#5.4.0
  PHP: PHP 5 ChangeLog
- http://www.debian.org/security/2012/dsa-2465
  Debian -- Security Information -- DSA-2465-1 php5