oval:org.mitre.oval:def:23278

Definition Id: oval:org.mitre.oval:def:23278
 
Oval ID: oval:org.mitre.oval:def:23278
Title: ELSA-2012:1045: php security update (Moderate)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Family: unix Class: patch
Reference(s): ELSA-2012:1045-00
CVE-2011-4153
CVE-2012-0057
CVE-2012-0789
CVE-2012-1172
CVE-2012-2336
Version: 25
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15459
 
Oval ID: oval:org.mitre.oval:def:15459
Title: Oracle Linux 5.x
Description: The operating system installed on the system is Oracle Linux 5.x
Family: unix Class: inventory
Reference(s): cpe:/o:oracle:linux:5
Version: 7
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:23278