VDB
CVE-2012-0807
CVE-2012-0807
PUBLISHED
CVSS 5.099999904632568 MEDIUM
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
EPSS 4.81% · 89.7th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
4.81%
89.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| hardened-php | suhosin | 0, 0.9.0, 0.9.3 |
Timeline
- Jan 27, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=783350 url
- [oss-security] 20120124 Re: CVE requests: Suhosin extension / as31 mailing-list
- SUSE-SU-2012:0411 vendor-advisory
- openSUSE-SU-2012:0426 vendor-advisory
- [oss-security] 20120124 CVE requests: Suhosin extension / as31 mailing-list
- SUSE-SU-2012:0472 vendor-advisory
- 48668 third-party-advisory
- 20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow mailing-list
- https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa url
- https://nvd.nist.gov/vuln/detail/CVE-2012-0807 advisory