CVE-2012-0788

EUVD-2012-0819
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.3.8
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
phpphp
5.3.5
phpphp
5.3.6
phpphp
5.3.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
hardy
Fixed 5.2.4-2ubuntu5.22
released
lucid
Fixed 5.3.2-1ubuntu4.13
released
maverick
Fixed 5.3.3-1ubuntu9.9
released
natty
Fixed 5.3.5-1ubuntu7.6
released
oneiric
Fixed 5.3.6-13ubuntu3.5
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://secunia.com/advisories/48668
http://www.php.net/ChangeLog-5.php#5.3.9
https://bugs.php.net/bug.php?id=55776
https://bugzilla.redhat.com/show_bug.cgi?id=783605
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://secunia.com/advisories/48668
http://www.php.net/ChangeLog-5.php#5.3.9
https://bugs.php.net/bug.php?id=55776
https://bugzilla.redhat.com/show_bug.cgi?id=783605