Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:PHP:REGISTER-VARIABLE-CE

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 PHP php_register_variable_ex Function Code Execution

Release Date

 2013/01/07

Update Number

 2222

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: PHP php_register_variable_ex Function Code Execution


This signature detects attempts to exploit a known vulnerability against PHP php_register_variable_ex Function. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Extended Description

PHP is prone to an arbitrary-code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploits will result in a denial-of-service condition. This issue is introduced in the fix for CVE-2011-4885 (BID 51193). PHP 5.3.9 is vulnerable; other versions may also be affected.

Affected Products

  • Apple mac_os_x 10.7
  • Apple mac_os_x 10.7.1
  • Apple mac_os_x 10.7.2
  • Apple mac_os_x 10.7.3
  • Apple mac_os_x_server 10.7
  • Apple mac_os_x_server 10.7.1
  • Apple mac_os_x_server 10.7.2
  • Apple mac_os_x_server 10.7.3
  • Avaya aura_application_enablement_services 5.2
  • Avaya aura_application_enablement_services 5.2.1
  • Avaya aura_application_enablement_services 5.2.2
  • Avaya aura_application_enablement_services 5.2.3
  • Avaya aura_application_enablement_services 6.1
  • Avaya aura_application_enablement_services 6.1.1
  • Avaya aura_communication_manager 6.0
  • Avaya aura_communication_manager 6.0.1
  • Avaya aura_communication_manager_utility_services 6.0
  • Avaya aura_communication_manager_utility_services 6.1
  • Avaya aura_messaging 6.0
  • Avaya aura_messaging 6.0.1
  • Avaya aura_session_manager 1.1
  • Avaya aura_session_manager 5.2
  • Avaya ip_office_application_server 6.0
  • Avaya ip_office_application_server 6.1
  • Avaya ip_office_application_server 7.0
  • Avaya ip_office_application_server 8.0
  • Avaya voice_portal 5.0
  • Avaya voice_portal 5.0 SP1
  • Avaya voice_portal 5.0 SP2
  • Avaya voice_portal 5.1
  • Avaya voice_portal 5.1.1
  • Avaya voice_portal 5.1.2
  • Avaya voice_portal 5.1 SP1
  • Debian linux 6.0 amd64
  • Debian linux 6.0 arm
  • Debian linux 6.0 ia-32
  • Debian linux 6.0 ia-64
  • Debian linux 6.0 mips
  • Debian linux 6.0 powerpc
  • Debian linux 6.0 s/390
  • Debian linux 6.0 sparc
  • Hp hp-ux B.11.23
  • Hp hp-ux B.11.31
  • Hp system_management_homepage 6.0
  • Hp system_management_homepage 6.1
  • Hp system_management_homepage 6.2
  • Hp system_management_homepage 6.3
  • Hp system_management_homepage 7.0
  • Hp system_management_homepage 7.1
  • Mandriva enterprise_server 5
  • Mandriva enterprise_server 5 X86 64
  • Mandriva linux_mandrake 2010.1
  • Mandriva linux_mandrake 2010.1 X86 64
  • Mandriva linux_mandrake 2011
  • Mandriva linux_mandrake 2011 x86_64
  • Php php 5.3.5
  • Php php 5.3.6
  • Php php 5.3.7
  • Php php 5.3.8
  • Php php 5.3.9
  • Red_hat enterprise_linux 5 Server
  • Red_hat enterprise_linux Desktop Version 4
  • Red_hat enterprise_linux_as 4
  • Red_hat enterprise_linux_desktop_optional 6
  • Red_hat enterprise_linux_desktop_workstation 5 Client
  • Red_hat enterprise_linux_es 4
  • Red_hat enterprise_linux_hpc_node 6
  • Red_hat enterprise_linux_hpc_node_optional 6
  • Red_hat enterprise_linux_server 6
  • Red_hat enterprise_linux_server_optional 6
  • Red_hat enterprise_linux_workstation 6
  • Red_hat enterprise_linux_workstation_optional 6
  • Red_hat enterprise_linux_ws 4
  • Red_hat fedora 15
  • Slackware linux 12.0
  • Slackware linux 12.1
  • Slackware linux 12.2
  • Slackware linux 13.0
  • Slackware linux 13.0 X86 64
  • Slackware linux 13.1
  • Slackware linux 13.1 X86 64
  • Slackware linux 13.37
  • Slackware linux 13.37 x86_64
  • Slackware linux -Current
  • Slackware linux X86 64 -Current
  • Suse suse_linux_enterprise_sdk 10 SP4
  • Suse suse_linux_enterprise_sdk 11 SP1
  • Suse suse_linux_enterprise_sdk 11 SP2
  • Suse suse_linux_enterprise_server 10 SP4
  • Suse suse_linux_enterprise_server 11 SP1
  • Suse suse_linux_enterprise_server 11 SP2
  • Suse suse_linux_enterprise_server_for_vmware 11 SP1
  • Turbolinux 11_server x64
  • Turbolinux 11_server
  • Turbolinux appliance_server 3.0
  • Turbolinux appliance_server 3.0 X64
  • Turbolinux client 2008
  • Ubuntu ubuntu_linux 10.04 Amd64
  • Ubuntu ubuntu_linux 10.04 ARM
  • Ubuntu ubuntu_linux 10.04 I386
  • Ubuntu ubuntu_linux 10.04 Powerpc
  • Ubuntu ubuntu_linux 10.04 Sparc
  • Ubuntu ubuntu_linux 10.10 amd64
  • Ubuntu ubuntu_linux 10.10 ARM
  • Ubuntu ubuntu_linux 10.10 i386
  • Ubuntu ubuntu_linux 10.10 powerpc
  • Ubuntu ubuntu_linux 11.04 amd64
  • Ubuntu ubuntu_linux 11.04 ARM
  • Ubuntu ubuntu_linux 11.04 i386
  • Ubuntu ubuntu_linux 11.04 powerpc
  • Ubuntu ubuntu_linux 11.10 amd64
  • Ubuntu ubuntu_linux 11.10 i386
  • Ubuntu ubuntu_linux 8.04 LTS Amd64
  • Ubuntu ubuntu_linux 8.04 LTS I386
  • Ubuntu ubuntu_linux 8.04 LTS Lpia
  • Ubuntu ubuntu_linux 8.04 LTS Powerpc
  • Ubuntu ubuntu_linux 8.04 LTS Sparc

References

  • BugTraq: 51830
  • CVE: CVE-2012-0830

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out