CVE-2012-0807
Published: Jan 27, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=783350
x_refsource_CONFIRM
[oss-security] 20120124 Re: CVE requests: Suhosin extension / as31
mailing-list
x_refsource_MLIST
SUSE-SU-2012:0411
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2012:0426
vendor-advisory
x_refsource_SUSE
[oss-security] 20120124 CVE requests: Suhosin extension / as31
mailing-list
x_refsource_MLIST
SUSE-SU-2012:0472
vendor-advisory
x_refsource_SUSE
48668
third-party-advisory
x_refsource_SECUNIA
20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
mailing-list
x_refsource_FULLDISC