Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hzpu-97n9-jqaa

Summary

Multiple vulnerabilities were found in PHP, the worst of which lead
    to remote execution of arbitrary code.

Aliases

alias	CVE-2012-2386

Fixed_packages

url	pkg:ebuild/dev-lang/php@5.3.15
purl	pkg:ebuild/dev-lang/php@5.3.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.3.15

url	pkg:ebuild/dev-lang/php@5.4.5
purl	pkg:ebuild/dev-lang/php@5.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.4.5

Affected_packages

url pkg:rpm/redhat/php@5.3.3-14?arch=el6_3

purl pkg:rpm/redhat/php@5.3.3-14?arch=el6_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2pjr-p6ge-nfa9

vulnerability	VCID-35a3-5eq3-8bep

vulnerability	VCID-3zy4-mx5a-yqbs

vulnerability	VCID-dd63-8v57-afad

vulnerability	VCID-hzpu-97n9-jqaa

vulnerability	VCID-krz2-adgm-kqe1

vulnerability	VCID-usmw-6d5u-tba8

vulnerability	VCID-vjm8-c1u4-wfab

vulnerability	VCID-zquc-69kh-yqdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-14%3Farch=el6_3

url pkg:rpm/redhat/php53@5.3.3-13?arch=el5_8

purl pkg:rpm/redhat/php53@5.3.3-13?arch=el5_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2pjr-p6ge-nfa9

vulnerability	VCID-35a3-5eq3-8bep

vulnerability	VCID-3zy4-mx5a-yqbs

vulnerability	VCID-hzpu-97n9-jqaa

vulnerability	VCID-krz2-adgm-kqe1

vulnerability	VCID-usmw-6d5u-tba8

vulnerability	VCID-vjm8-c1u4-wfab

vulnerability	VCID-zquc-69kh-yqdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-13%3Farch=el5_8

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2386.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2386

reference_id

reference_type

scores

value	0.28352
scoring_system	epss
scoring_elements	0.96478
published_at	2026-04-01T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96487
published_at	2026-04-02T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96491
published_at	2026-04-04T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96495
published_at	2026-04-07T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96503
published_at	2026-04-08T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96506
published_at	2026-04-09T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96509
published_at	2026-04-12T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96512
published_at	2026-04-13T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96518
published_at	2026-04-16T12:55:00Z

value	0.28352
scoring_system	epss
scoring_elements	0.96524
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2386

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=823594
reference_id	823594
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=823594

reference_url	https://security.gentoo.org/glsa/201209-03
reference_id	GLSA-201209-03
reference_type
scores
url	https://security.gentoo.org/glsa/201209-03

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/17201.php
reference_id	OSVDB-72399;CVE-2012-2386
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/17201.php

reference_url	https://access.redhat.com/errata/RHSA-2012:1046
reference_id	RHSA-2012:1046
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1046

reference_url	https://access.redhat.com/errata/RHSA-2012:1047
reference_id	RHSA-2012:1047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1047

reference_url	https://usn.ubuntu.com/1481-1/
reference_id	USN-1481-1
reference_type
scores
url	https://usn.ubuntu.com/1481-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

cwe_id	122
name	Heap-based Buffer Overflow
description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Exploits

date_added	2011-04-22
description	PHP 'phar' Extension 1.1.1 - Heap Overflow
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2011-04-22
exploit_type	dos
platform	multiple
source_date_updated	2015-04-22
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability 2.0

Weighted_severity 0.3

Risk_score 0.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzpu-97n9-jqaa

Vulnerability Instance