CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.9%
CentOS Errata and Security Advisory CESA-2012:0547
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the php-cgi executable processed command line
arguments when running in CGI mode. A remote attacker could send a
specially-crafted request to a PHP script that would result in the query
string being parsed by php-cgi as command line options and arguments. This
could lead to the disclosure of the scriptβs source code or arbitrary code
execution with the privileges of the PHP interpreter. (CVE-2012-1823)
Red Hat is aware that a public exploit for this issue is available that
allows remote code execution in affected PHP CGI configurations. This flaw
does not affect the default configuration using the PHP module for Apache
httpd to handle PHP scripts.
All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-May/080779.html
Affected packages:
php53
php53-bcmath
php53-cli
php53-common
php53-dba
php53-devel
php53-gd
php53-imap
php53-intl
php53-ldap
php53-mbstring
php53-mysql
php53-odbc
php53-pdo
php53-pgsql
php53-process
php53-pspell
php53-snmp
php53-soap
php53-xml
php53-xmlrpc
Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0547
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | php53 | <Β 5.3.3-7.el5_8 | php53-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-bcmath | <Β 5.3.3-7.el5_8 | php53-bcmath-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-cli | <Β 5.3.3-7.el5_8 | php53-cli-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-common | <Β 5.3.3-7.el5_8 | php53-common-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-dba | <Β 5.3.3-7.el5_8 | php53-dba-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-devel | <Β 5.3.3-7.el5_8 | php53-devel-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-gd | <Β 5.3.3-7.el5_8 | php53-gd-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-imap | <Β 5.3.3-7.el5_8 | php53-imap-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-intl | <Β 5.3.3-7.el5_8 | php53-intl-5.3.3-7.el5_8.i386.rpm |
CentOS | 5 | i386 | php53-ldap | <Β 5.3.3-7.el5_8 | php53-ldap-5.3.3-7.el5_8.i386.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.9%