CVE-2012-1823

critical-risk

Published 2012-05-11

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Do I need to act?

94.4% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

4 public exploits available

29290, 29316, 18834 and 1 more

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Php

Opensuse

Linux Enterprise Server

Mac Os X

Application Stack

Gluster Storage Server For On-Premise

Storage For Public Cloud

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Fedora

Debian Linux

Hp-Ux

Opensuse

Linux Enterprise Server

Affected Vendors

Debian Hp Redhat Php Fedoraproject Suse Apple Opensuse

References (60)

Broken Link http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Broken Link http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Mailing List http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html

Mailing List http://marc.info/?l=bugtraq&m=134012830914727&w=2

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0546.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0547.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0568.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0569.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0570.html

Broken Link http://secunia.com/advisories/49014

Broken Link http://secunia.com/advisories/49065

Broken Link http://secunia.com/advisories/49085

Broken Link http://secunia.com/advisories/49087

Third Party Advisory http://support.apple.com/kb/HT5501

Third Party Advisory http://www.debian.org/security/2012/dsa-2465

Exploit http://www.kb.cert.org/vuls/id/520827

Third Party Advisory http://www.kb.cert.org/vuls/id/673343

and 40 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 34/34 · Critical

Exposure 22/34 · High