CVE-2012-1823

HIGH

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

References

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html

http://marc.info/?l=bugtraq&m=134012830914727&w=2

http://rhn.redhat.com/errata/RHSA-2012-0546.html

http://rhn.redhat.com/errata/RHSA-2012-0547.html

http://rhn.redhat.com/errata/RHSA-2012-0568.html

http://rhn.redhat.com/errata/RHSA-2012-0569.html

http://rhn.redhat.com/errata/RHSA-2012-0570.html

http://secunia.com/advisories/49014

http://secunia.com/advisories/49065

http://secunia.com/advisories/49085

http://secunia.com/advisories/49087

http://support.apple.com/kb/HT5501

http://www.debian.org/security/2012/dsa-2465

http://www.kb.cert.org/vuls/id/520827

http://www.kb.cert.org/vuls/id/673343

http://www.mandriva.com/security/advisories?name=MDVSA-2012:068

http://www.php.net/archive/2012.php#id2012-05-03-1

http://www.php.net/ChangeLog-5.php#5.4.2

http://www.securitytracker.com/id?1027022

https://bugs.php.net/bug.php?id=61910

https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1

Details

Source: MITRE

Published: 2012-05-11

Updated: 2018-01-18

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.11 (inclusive)

Configuration 2

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74630 | openSUSE Security Update : php5 (openSUSE-2012-288) | Nessus | SuSE Local Security Checks | high |
| 74616 | openSUSE Security Update : php5 (openSUSE-SU-2012:0590-1) | Nessus | SuSE Local Security Checks | high |
| 70728 | Apache PHP-CGI Remote Code Execution | Nessus | CGI abuses | high |
| 69684 | Amazon Linux AMI : php (ALAS-2012-77) | Nessus | Amazon Linux Local Security Checks | high |
| 6993 | PHP < 5.3.12 / 5.4.x < 5.4.2 CGI Query String Code Execution | Nessus Network Monitor | Web Servers | high |
| 68525 | Oracle Linux 5 : php53 (ELSA-2012-0547) | Nessus | Oracle Linux Local Security Checks | high |
| 68524 | Oracle Linux 5 / 6 : php (ELSA-2012-0546) | Nessus | Oracle Linux Local Security Checks | high |
| 66844 | Plesk Panel Apache Arbitrary PHP Code Injection | Nessus | CGI abuses | high |
| 64103 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6251) | Nessus | SuSE Local Security Checks | high |
| 64099 | SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6252) | Nessus | SuSE Local Security Checks | high |
| 64036 | RHEL 5 : php53 (RHSA-2012:0569) | Nessus | Red Hat Local Security Checks | high |
| 64035 | RHEL 5 / 6 : php (RHSA-2012:0568) | Nessus | Red Hat Local Security Checks | high |
| 62236 | GLSA-201209-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 62215 | Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 61312 | Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20120507) | Nessus | Scientific Linux Local Security Checks | high |
| 61311 | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120507) | Nessus | Scientific Linux Local Security Checks | high |
| 59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 59268 | Fedora 17 : maniadrive-1.2-40.fc17 / php-5.4.3-1.fc17 (2012-7628) | Nessus | Fedora Local Security Checks | high |
| 59266 | Fedora 16 : maniadrive-1.2-32.fc16.5 / php-5.3.13-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.5 (2012-7586) | Nessus | Fedora Local Security Checks | high |
| 59265 | Fedora 15 : maniadrive-1.2-32.fc15.5 / php-5.3.13-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.5 (2012-7567) | Nessus | Fedora Local Security Checks | high |
| 59088 | PHP PHP-CGI Query String Parameter Injection Arbitrary Code Execution | Nessus | CGI abuses | high |
| 59084 | FreeBSD : php -- multiple vulnerabilities (59b68b1e-9c78-11e1-b5e0-000c299b62e1) | Nessus | FreeBSD Local Security Checks | high |
| 59059 | Debian DSA-2465-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 59058 | CentOS 5 : php53 (CESA-2012:0547) | Nessus | CentOS Local Security Checks | high |
| 59053 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114) | Nessus | SuSE Local Security Checks | high |
| 59031 | RHEL 5 : php53 (RHSA-2012:0547) | Nessus | Red Hat Local Security Checks | high |
| 59030 | RHEL 5 / 6 : php (RHSA-2012:0546) | Nessus | Red Hat Local Security Checks | high |
| 59021 | CentOS 5 / 6 : php (CESA-2012:0546) | Nessus | CentOS Local Security Checks | high |
| 59016 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerability (USN-1437-1) | Nessus | Ubuntu Local Security Checks | high |
| 59010 | Mandriva Linux Security Advisory : php (MDVSA-2012:068-1) | Nessus | Mandriva Local Security Checks | high |
| 59009 | FreeBSD : php -- vulnerability in certain CGI-based setups (60de13d5-95f0-11e1-806a-001143cd36d8) | Nessus | FreeBSD Local Security Checks | high |
| 58988 | PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution | Nessus | CGI abuses | high |