Vulnerability Description
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 5.3.6 |
Related Weaknesses (CWE)
References
- http://bugs.php.net/bug.php?id=54939
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://openwall.com/lists/oss-security/2011/06/12/5Patch
- http://openwall.com/lists/oss-security/2011/06/13/15Patch
- http://pastebin.com/1edSuSVNExploit
- http://rhn.redhat.com/errata/RHSA-2012-0071.html
- http://secunia.com/advisories/44874Vendor Advisory
- http://securitytracker.com/id?1025659
- http://support.apple.com/kb/HT5130
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&Patch
- http://svn.php.net/viewvc?view=revision&revision=312103Patch
- http://www.debian.org/security/2011/dsa-2266
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
FAQ
What is CVE-2011-2202?
CVE-2011-2202 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute pat...
How severe is CVE-2011-2202?
CVE-2011-2202 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2202?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.