Lucene search
F5F5:K42143118HistoryOct 15, 2018 - 12:00 a.m.
K42143118 : PHP vulnerability CVE-2016-10712
2018-10-1500:00:00
my.f5.com
20
Security Advisory Description
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a “$uri = stream_get_meta_data(fopen($file, “r”))[‘uri’]” call mishandles the case where $file is data:text/plain;uri=eviluri, – in other words, metadata can be set by an attacker. (CVE-2016-10712)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
nvd
nvd
CVE-2016-10712
2018-02-09 06:29:00
openvas
openvas
PHP 'stream_get_meta_data' Privilege Escalation Vulnerability - Linux
2018-02-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0530-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for php5 (openSUSE-SU-2018:0538-1)
2018-02-25 00:00:00
cvelist
cvelist
CVE-2016-10712
2018-02-09 06:00:00
cve
cve
CVE-2016-10712
2018-02-09 06:29:00
suse
suse
Security update for php5 (important)
2018-02-23 15:07:31
Security update for php5 (important)
2018-02-24 15:08:48
Security update for php53 (important)
2018-03-26 15:08:04
nessus
nessus
SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0530-1)
2019-01-02 00:00:00
openSUSE Security Update : php5 (openSUSE-2018-209)
2018-02-26 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3600-1)
2018-03-20 00:00:00
ubuntucve
ubuntucve
CVE-2016-10712
2018-02-09 00:00:00
osv
osv
CVE-2016-10712
2018-02-09 06:29:00
php5 - security update
2017-02-07 00:00:00
prion
prion
Design/Logic Flaw
2018-02-09 06:29:00
debiancve
debiancve
CVE-2016-10712
2018-02-09 06:29:00
ubuntu
ubuntu
PHP vulnerabilities
2018-03-19 00:00:00
PHP vulnerabilities
2019-05-22 00:00:00
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45