Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2004-2343)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (2.2.7)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9042)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4301)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.9.63)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities