CVE-2012-1171

Name: CVE-2012-1171
Creator: NVD / NIST
Published: 2014-02-15T14:57:07.267+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.81%

Last modified Jun 16, 2026

CVE-2012-1171 is a vulnerability of currently unknown severity. The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.. EPSS estimates a 2.81% chance of exploitation in the next 30 days.

Description

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

Metrics

EPSS Probability

2.81%

84.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions	Update
Php	Php	5.0.0	—
Php	Php	5.0.1	—
Php	Php	5.0.2	—
Php	Php	5.0.3	—
Php	Php	5.0.4	—
Php	Php	5.0.5	—
Php	Php	5.1.0	—
Php	Php	5.1.1	—
Php	Php	5.1.2	—
Php	Php	5.1.3	—
Php	Php	5.1.4	—
Php	Php	5.1.5	—
Php	Php	5.1.6	—
Php	Php	5.2.0	—
Php	Php	5.2.1	—
Php	Php	5.2.2	—
Php	Php	5.2.3	—
Php	Php	5.2.4	—
Php	Php	5.2.5	—
Php	Php	5.2.6	—
Php	Php	5.2.7	—
Php	Php	5.2.8	—
Php	Php	5.2.9	—
Php	Php	5.2.10	—
Php	Php	5.2.11	—
Php	Php	5.2.12	—
Php	Php	5.2.13	—
Php	Php	5.2.14	—
Php	Php	5.2.15	—
Php	Php	5.2.16	—
Php	Php	5.2.17	—
Php	Php	5.3.0	—
Php	Php	5.3.1	—
Php	Php	5.3.2	—
Php	Php	5.3.3	—
Php	Php	5.3.4	—
Php	Php	5.3.5	—
Php	Php	5.3.6	—
Php	Php	5.3.7	—
Php	Php	5.3.8	—
Php	Php	5.3.9	—
Php	Php	5.3.10	—
Php	Php	5.3.11	—
Php	Php	5.3.12	—
Php	Php	5.3.13	—
Php	Php	5.3.14	—
Php	Php	5.3.15	—
Php	Php	5.3.16	—
Php	Php	5.3.17	—
Php	Php	5.3.18	—

Showing 50 of 90 affected configurations. See NVD for the full list.

References

Timeline

Published: Feb 15, 2014
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1171?

How severe is CVE-2012-1171?

Severity scoring for CVE-2012-1171 is pending analysis. The EPSS model estimates a 2.81% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1171?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1171?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST