sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 30
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
— |
5.3.12
|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
5.4.0
|
5.4.2
|
|
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
|
— | — |
|
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
|
— | — |
|
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
|
— | — |
|
Hp Hp-Ux
cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
|
— | — |
|
Hp Hp-Ux
cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
|
— | — |
|
Opensuse Opensuse
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
|
— | — |
|
Opensuse Opensuse
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
|
— | — |
|
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
|
— | — |
|
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
|
— | — |
|
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
|
— | — |
|
Suse Linux_Enterprise_Software_Development_Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
|
— | — |
|
Suse Linux_Enterprise_Software_Development_Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
|
— | — |
|
Apple Mac_Os_X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
|
10.6.8
|
10.7.5
|
|
Apple Mac_Os_X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
|
10.8.0
|
10.8.2
|
|
Redhat Application_Stack
cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Gluster_Storage_Server_For_On-Premise
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Storage
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Storage_For_Public_Cloud
cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Server
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
|
— | — |
|
Redhat Enterprise_Linux_Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
|
— | — |
References 31
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
cret@cert.org
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
cret@cert.org
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
cret@cert.org
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
cret@cert.org
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
cret@cert.org
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
cret@cert.org
http://marc.info/?l=bugtraq&m=134012830914727&w=2
cret@cert.org
http://rhn.redhat.com/errata/RHSA-2012-0546.html
cret@cert.org
http://rhn.redhat.com/errata/RHSA-2012-0547.html
cret@cert.org
http://rhn.redhat.com/errata/RHSA-2012-0568.html
cret@cert.org
http://rhn.redhat.com/errata/RHSA-2012-0569.html
cret@cert.org
http://rhn.redhat.com/errata/RHSA-2012-0570.html
cret@cert.org
http://secunia.com/advisories/49014
cret@cert.org
http://secunia.com/advisories/49065
cret@cert.org
http://secunia.com/advisories/49085
cret@cert.org
http://secunia.com/advisories/49087
cret@cert.org
http://support.apple.com/kb/HT5501
cret@cert.org
http://www.debian.org/security/2012/dsa-2465
cret@cert.org
http://www.kb.cert.org/vuls/id/520827
cret@cert.org
http://www.kb.cert.org/vuls/id/673343
cret@cert.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
cret@cert.org
http://www.openwall.com/lists/oss-security/2024/06/07/1
cret@cert.org
http://www.php.net/ChangeLog-5.php#5.4.2
cret@cert.org
http://www.php.net/archive/2012.php#id2012-05-03-1
cret@cert.org
http://www.securitytracker.com/id?1027022
cret@cert.org
https://bugs.php.net/bug.php?id=61910
cret@cert.org
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=133…
cret@cert.org
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
cret@cert.org
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
cret@cert.org
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…
134c704f-9b21-4f2e-91b3-4a467353bcc0