Lucene search

CVE-2012-2311

🗓️ 11 May 2012 10:48:15Reported by redhatType

cve🔗 web.nvd.nist.gov👁 216 Views🌐 WEB

php-cgi in PHP before 5.3.13 and 5.4.x before 5.4.3 allows remote code execution

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
OpenVAS	SuSE Update for update openSUSE-SU-2012:0590-1 (update)	13 Dec 201200:00	–	openvas
OpenVAS	Fedora Update for php-eaccelerator FEDORA-2012-7567	28 May 201200:00	–	openvas
OpenVAS	Fedora Update for maniadrive FEDORA-2012-7567	28 May 201200:00	–	openvas
OpenVAS	Fedora Update for maniadrive FEDORA-2012-7586	28 May 201200:00	–	openvas
OpenVAS	Fedora Update for php FEDORA-2012-7586	28 May 201200:00	–	openvas
OpenVAS	openSUSE: Security Advisory for update (openSUSE-SU-2012:0590-1)	13 Dec 201200:00	–	openvas
OpenVAS	Fedora Update for php-eaccelerator FEDORA-2012-7586	28 May 201200:00	–	openvas
OpenVAS	Ubuntu Update for php5 USN-1437-1	8 May 201200:00	–	openvas
OpenVAS	Fedora Update for php-eaccelerator FEDORA-2012-7567	28 May 201200:00	–	openvas
OpenVAS	Fedora Update for php FEDORA-2012-7586	28 May 201200:00	–	openvas

Nvd

Node

php phpRange≤5.3.12

php phpMatch1.0

php phpMatch2.0

php phpMatch2.0b10

php phpMatch3.0

php phpMatch3.0.1

php phpMatch3.0.2

php phpMatch3.0.3

php phpMatch3.0.4

php phpMatch3.0.5

php phpMatch3.0.6

php phpMatch3.0.7

php phpMatch3.0.8

php phpMatch3.0.9

php phpMatch3.0.10

php phpMatch3.0.11

php phpMatch3.0.12

php phpMatch3.0.13

php phpMatch3.0.14

php phpMatch3.0.15

php phpMatch3.0.16

php phpMatch3.0.17

php phpMatch3.0.18

php phpMatch4.0beta_4_patch1

php phpMatch4.0beta1

php phpMatch4.0beta2

php phpMatch4.0beta3

php phpMatch4.0beta4

php phpMatch4.0.0

php phpMatch4.0.1

php phpMatch4.0.2

php phpMatch4.0.3

php phpMatch4.0.4

php phpMatch4.0.5

php phpMatch4.0.6

php phpMatch4.0.7

php phpMatch4.1.0

php phpMatch4.1.1

php phpMatch4.1.2

php phpMatch4.2.0

php phpMatch4.2.1

php phpMatch4.2.2

php phpMatch4.2.3

php phpMatch4.3.0

php phpMatch4.3.1

php phpMatch4.3.2

php phpMatch4.3.3

php phpMatch4.3.4

php phpMatch4.3.5

php phpMatch4.3.6

php phpMatch4.3.7

php phpMatch4.3.8

php phpMatch4.3.9

php phpMatch4.3.10

php phpMatch4.3.11

php phpMatch4.4.0

php phpMatch4.4.1

php phpMatch4.4.2

php phpMatch4.4.3

php phpMatch4.4.4

php phpMatch4.4.5

php phpMatch4.4.6

php phpMatch4.4.7

php phpMatch4.4.8

php phpMatch4.4.9

php phpMatch5.0.0

php phpMatch5.0.0beta1

php phpMatch5.0.0beta2

php phpMatch5.0.0beta3

php phpMatch5.0.0beta4

php phpMatch5.0.0rc1

php phpMatch5.0.0rc2

php phpMatch5.0.0rc3

php phpMatch5.0.1

php phpMatch5.0.2

php phpMatch5.0.3

php phpMatch5.0.4

php phpMatch5.0.5

php phpMatch5.1.0

php phpMatch5.1.1

php phpMatch5.1.2

php phpMatch5.1.3

php phpMatch5.1.4

php phpMatch5.1.5

php phpMatch5.1.6

php phpMatch5.2.0

php phpMatch5.2.1

php phpMatch5.2.2

php phpMatch5.2.3

php phpMatch5.2.4

php phpMatch5.2.5

php phpMatch5.2.6

php phpMatch5.2.7

php phpMatch5.2.8

php phpMatch5.2.9

php phpMatch5.2.10

php phpMatch5.2.11

php phpMatch5.2.12

php phpMatch5.2.13

php phpMatch5.2.14

php phpMatch5.2.15

php phpMatch5.2.16

php phpMatch5.2.17

php phpMatch5.3.0

php phpMatch5.3.1

php phpMatch5.3.2

php phpMatch5.3.3

php phpMatch5.3.4

php phpMatch5.3.5

php phpMatch5.3.6

php phpMatch5.3.7

php phpMatch5.3.8

php phpMatch5.3.9

php phpMatch5.3.10

php phpMatch5.3.11

php phpMatch5.4.0

php phpMatch5.4.0beta2

php phpMatch5.4.1

php phpMatch5.4.2

Source	Link
eindbazen	www.eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
lists	www.lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
securitytracker	www.securitytracker.com/id
lists	www.lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
debian	www.debian.org/security/2012/dsa-2465
marc	www.marc.info/
bugs	www.bugs.php.net/bug.php
php	www.php.net/archive/2012.php
kb	www.kb.cert.org/vuls/id/520827
secunia	www.secunia.com/advisories/49014

Parameter	Position	Path	Description	CWE
c	query param	/index.php	PHP-CGI remote code execution vulnerability on Windows due to improper handling of query strings with special characters.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 May 2012 10:15Current

9.9High risk

Vulners AI Score9.9

CVSS27.5

EPSS0.94386

CWE-89