CVE-2012-0788

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
phpphp
𝑥
≤ 5.3.8
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
phpphp
5.3.5
phpphp
5.3.6
phpphp
5.3.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
oneiric
Fixed 5.3.6-13ubuntu3.5
released
natty
Fixed 5.3.5-1ubuntu7.6
released
maverick
Fixed 5.3.3-1ubuntu9.9
released
lucid
Fixed 5.3.2-1ubuntu4.13
released
hardy
Fixed 5.2.4-2ubuntu5.22
released