National Cyber Awareness System

Vulnerability Summary for CVE-2012-2311

Overview

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#520827

Name: VU#520827

Hyperlink:http://www.kb.cert.org/vuls/id/520827

External Source: CONFIRM

Name: https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1

Hyperlink:https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1

External Source: CONFIRM

Name: https://bugs.php.net/bug.php?id=61910

Type: Advisory

Hyperlink:https://bugs.php.net/bug.php?id=61910

External Source: SECTRACK

Name: 1027022

Hyperlink:http://www.securitytracker.com/id?1027022

External Source: CONFIRM

Name: http://www.php.net/ChangeLog-5.php#5.4.3

Hyperlink:http://www.php.net/ChangeLog-5.php#5.4.3

External Source: CONFIRM

Name: http://www.php.net/archive/2012.php#id2012-05-08-1

Hyperlink:http://www.php.net/archive/2012.php#id2012-05-08-1

External Source: CONFIRM

Name: http://support.apple.com/kb/HT5501

Hyperlink:http://support.apple.com/kb/HT5501

External Source: SECUNIA

Name: 49085

Hyperlink:http://secunia.com/advisories/49085

External Source: SECUNIA

Name: 49014

Hyperlink:http://secunia.com/advisories/49014

External Source: HP

Name: HPSBUX02791

Hyperlink:http://marc.info/?l=bugtraq&m=134012830914727&w=2

External Source: HP

Name: SSRT100856

Hyperlink:http://marc.info/?l=bugtraq&m=134012830914727&w=2

External Source: APPLE

Name: APPLE-SA-2012-09-19-2

Hyperlink:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

External Source: MISC

Name: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Hyperlink:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/