CVE-2012-1172: Input Validation

First published: Thu May 24 2012(Updated: )

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
PHP PHP	<=5.3.10
PHP PHP	=5.0.0
PHP PHP	=5.0.0-beta1
PHP PHP	=5.0.0-beta2
PHP PHP	=5.0.0-beta3
PHP PHP	=5.0.0-beta4
PHP PHP	=5.0.0-rc1
PHP PHP	=5.0.0-rc2
PHP PHP	=5.0.0-rc3
PHP PHP	=5.0.1
PHP PHP	=5.0.2
PHP PHP	=5.0.3
PHP PHP	=5.0.4
PHP PHP	=5.0.5
PHP PHP	=5.1.0
PHP PHP	=5.1.1
PHP PHP	=5.1.2
PHP PHP	=5.1.3
PHP PHP	=5.1.4
PHP PHP	=5.1.5
PHP PHP	=5.1.6
PHP PHP	=5.2.0
PHP PHP	=5.2.1
PHP PHP	=5.2.2
PHP PHP	=5.2.3
PHP PHP	=5.2.4
PHP PHP	=5.2.5
PHP PHP	=5.2.6
PHP PHP	=5.2.7
PHP PHP	=5.2.8
PHP PHP	=5.2.9
PHP PHP	=5.2.10
PHP PHP	=5.2.11
PHP PHP	=5.2.12
PHP PHP	=5.2.13
PHP PHP	=5.2.14
PHP PHP	=5.2.15
PHP PHP	=5.2.16
PHP PHP	=5.2.17
PHP PHP	=5.3.0
PHP PHP	=5.3.1
PHP PHP	=5.3.2
PHP PHP	=5.3.3
PHP PHP	=5.3.4
PHP PHP	=5.3.5
PHP PHP	=5.3.6
PHP PHP	=5.3.7
PHP PHP	=5.3.8
PHP PHP	=5.3.9

Remedy

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664

CVE-2012-1172: Input Validation

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact