secalert@redhat.com
CVE-2012-2311
History: May 11, 2012 - 10:15 a.m.

CVE-2012-2311

2012-05-11 10:15:00
CWE-89
secalert@redhat.com
web.nvd.nist.gov
cve-2012-2311
php
cgi
remote code execution
security vulnerability

AI Score: 10 High (Confidence: Low)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.937 High (Percentile: 99.0%)

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
