{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=61807"}, {"name": "php-apacherequestheaders-bo(75545)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"}, {"name": "49014", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49014"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"}, {"name": "53455", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53455"}, {"name": "SSRT100992", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"name": "HPSBMU02900", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php#5.4.3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=61807", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=61807"}, {"name": "php-apacherequestheaders-bo(75545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"}, {"name": "49014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49014"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=820000", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, {"name": "http://www.php.net/archive/2012.php#id2012-05-08-1", "refsource": "CONFIRM", "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"}, {"name": "53455", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53455"}, {"name": "SSRT100992", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"name": "HPSBMU02900", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"name": "http://www.php.net/ChangeLog-5.php#5.4.3", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php#5.4.3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:34:23.733Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=61807"}, {"name": "php-apacherequestheaders-bo(75545)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"}, {"name": "49014", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"}, {"name": "53455", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53455"}, {"name": "SSRT100992", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"name": "HPSBMU02900", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-5.php#5.4.3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2329", "datePublished": "2012-05-11T10:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:23.733Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."}, {"lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n apache_request_headers de sapi/cgi/cgi_main.c de PHP 5.4.x anteriores a la 5.4.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una cadena extensa en la cabecera de una petici\u00f3n HTTP."}], "id": "CVE-2012-2329", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-11T10:15:48.263", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49014"}, {"source": "secalert@redhat.com", "url": "http://www.php.net/ChangeLog-5.php#5.4.3"}, {"source": "secalert@redhat.com", "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53455"}, {"source": "secalert@redhat.com", "url": "https://bugs.php.net/bug.php?id=61807"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"}, {"source": "secalert@redhat.com", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"source": "secalert@redhat.com", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.php.net/ChangeLog-5.php#5.4.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=61807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "php: buffer overflow flaw in apache_request_headers() in PHP 5.4.x", "id": "820000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820000"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-697->CWE-119", "details": ["Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."], "name": "CVE-2012-2329", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-2329\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2329\nhttp://www.php.net/archive/2012.php#id2012-05-08-1"], "statement": "Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4, 5, or 6. This flaw only affects PHP 5.4.0 through 5.4.2.", "threat_severity": "Important"}