National Cyber Awareness System

Vulnerability Summary for CVE-2012-1823

Overview

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#520827

Name: VU#520827

Hyperlink:http://www.kb.cert.org/vuls/id/520827

External Source: CONFIRM

Name: https://bugs.php.net/bug.php?id=61910

Type: Patch Information; Exploit

Hyperlink:https://bugs.php.net/bug.php?id=61910

External Source: CONFIRM

Name: http://www.php.net/ChangeLog-5.php#5.4.2

Type: Patch Information; Exploit

Hyperlink:http://www.php.net/ChangeLog-5.php#5.4.2

External Source: CONFIRM

Name: https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1

Hyperlink:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1

External Source: SECTRACK

Name: 1027022

Hyperlink:http://www.securitytracker.com/id?1027022

External Source: CONFIRM

Name: http://www.php.net/archive/2012.php#id2012-05-03-1

Hyperlink:http://www.php.net/archive/2012.php#id2012-05-03-1

External Source: CONFIRM

Name: http://support.apple.com/kb/HT5501

Hyperlink:http://support.apple.com/kb/HT5501

External Source: SECUNIA

Name: 49087

Hyperlink:http://secunia.com/advisories/49087

External Source: SECUNIA

Name: 49085

Hyperlink:http://secunia.com/advisories/49085

External Source: SECUNIA

Name: 49065

Hyperlink:http://secunia.com/advisories/49065

External Source: SECUNIA

Name: 49014

Hyperlink:http://secunia.com/advisories/49014

External Source: REDHAT

Name: RHSA-2012:0568

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0568.html

External Source: REDHAT

Name: RHSA-2012:0547

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0547.html

External Source: REDHAT

Name: RHSA-2012:0546

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0546.html

External Source: HP

Name: HPSBUX02791

Hyperlink:http://marc.info/?l=bugtraq&m=134012830914727&w=2

External Source: HP

Name: SSRT100856

Hyperlink:http://marc.info/?l=bugtraq&m=134012830914727&w=2

External Source: APPLE

Name: APPLE-SA-2012-09-19-2

Hyperlink:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

External Source: HP

Name: HPSBMU02786

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

External Source: HP

Name: SSRT100877

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

External Source: MISC

Name: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Hyperlink:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/