Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

php5: directory traversal attack

Package(s):

php5

CVE #(s):

CVE-2012-1172

Created:

April 23, 2012

Updated:

July 2, 2012

Description:

From the openSUSE advisory:

Scripts that accept multiple file uploads in a single request were potentially vulnerable to a directory traversal attack.

Alerts:

openSUSE	openSUSE-SU-2012:0551-1	2012-04-23
Mandriva	MDVSA-2012:065	2012-04-27
Fedora	FEDORA-2012-6907	2012-05-07
Fedora	FEDORA-2012-6911	2012-05-07
Fedora	FEDORA-2012-6907	2012-05-07
Fedora	FEDORA-2012-6911	2012-05-07
Fedora	FEDORA-2012-6907	2012-05-07
Fedora	FEDORA-2012-6911	2012-05-07
Debian	DSA-2465-1	2012-05-09
SUSE	SUSE-SU-2012:0598-1	2012-05-09
SUSE	SUSE-SU-2012:0598-2	2012-05-09
Mandriva	MDVSA-2012:071	2012-05-10
SUSE	SUSE-SU-2012:0604-1	2012-05-09
Ubuntu	USN-1481-1	2012-06-19
Red Hat	RHSA-2012:1045-01	2012-06-27
Red Hat	RHSA-2012:1046-01	2012-06-27
Red Hat	RHSA-2012:1047-01	2012-06-27
CentOS	CESA-2012:1045	2012-06-27
CentOS	CESA-2012:1047	2012-06-27
Oracle	ELSA-2012-1045	2012-06-28
Oracle	ELSA-2012-1047	2012-06-28
Oracle	ELSA-2012-1046	2012-06-30
Scientific Linux	SL-php-20120705	2012-07-05
Scientific Linux	SL-php5-20120705	2012-07-05
Scientific Linux	SL-php-20120709	2012-07-09
CentOS	CESA-2012:1046	2012-07-10
Gentoo	201209-03	2012-09-23

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds