CVE-2012-0807

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
Severity
UNKNOWN
AV:N/AC:H/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
hardened-phpsuhosin
𝑥
≤ 0.9.31
hardened-phpsuhosin
0.9.0
hardened-phpsuhosin
0.9.1
hardened-phpsuhosin
0.9.2
hardened-phpsuhosin
0.9.3
hardened-phpsuhosin
0.9.4
hardened-phpsuhosin
0.9.5
hardened-phpsuhosin
0.9.6
hardened-phpsuhosin
0.9.6.1
hardened-phpsuhosin
0.9.6.2
hardened-phpsuhosin
0.9.6.3
hardened-phpsuhosin
0.9.7
hardened-phpsuhosin
0.9.8
hardened-phpsuhosin
0.9.9
hardened-phpsuhosin
0.9.9.1
hardened-phpsuhosin
0.9.10
hardened-phpsuhosin
0.9.11
hardened-phpsuhosin
0.9.12
hardened-phpsuhosin
0.9.13
hardened-phpsuhosin
0.9.14
hardened-phpsuhosin
0.9.15
hardened-phpsuhosin
0.9.16
hardened-phpsuhosin
0.9.17
hardened-phpsuhosin
0.9.18
hardened-phpsuhosin
0.9.19
hardened-phpsuhosin
0.9.20
hardened-phpsuhosin
0.9.21
hardened-phpsuhosin
0.9.22
hardened-phpsuhosin
0.9.23
hardened-phpsuhosin
0.9.24
hardened-phpsuhosin
0.9.25
hardened-phpsuhosin
0.9.26
hardened-phpsuhosin
0.9.27
hardened-phpsuhosin
0.9.28
hardened-phpsuhosin
0.9.29
hardened-phpsuhosin
0.9.30
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-suhosin
saucy
dne
raring
dne
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored