
CVE ID: CVE-2012-2336
Description: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Test IDs: 1.3.6.1.4.1.25623.1.0.123893   1.3.6.1.4.1.25623.1.1.4.2012.0721.1   1.3.6.1.4.1.25623.1.1.4.2012.0840.1  
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2012-2336
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: SSRT100992
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
http://secunia.com/advisories/49014
SuSE Security Announcement: SUSE-SU-2012:0721
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html
SuSE Security Announcement: SUSE-SU-2012:0840
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html




© 1998-2024 E-Soft Inc. All rights reserved.