Detections
Analytics
PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
high Nessus Plugin ID 58988
Language:
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
Plugin Details
Severity: High
ID: 58988
File Name: php_5_4_2.nasl
Version: 1.26
Type: remote
Family: CGI abuses
Published: 5/4/2012
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2012-1823
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/3/2012
Vulnerability Publication Date: 5/3/2012
CISA Known Exploited Vulnerability Due Dates: 4/15/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (PHP CGI Argument Injection)
Reference Information
CVE: CVE-2012-1823
BID: 53388
CERT: 520827