Lucene search
PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
🗓️ 04 May 2012 00:00:00Reported by This script is Copyright (C) 2012-2024 Tenable Network Security, Inc.Type 
nessus🔗 www.tenable.com👁 231 Views
PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution vulnerabilit
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
| Oracle Linux 5 / 6 : php (ELSA-2012-0546) | 12 Jul 201300:00 | – | nessus |
| Oracle Linux 5 : php53 (ELSA-2012-0547) | 12 Jul 201300:00 | – | nessus |
| Linux Distros Unpatched Vulnerability : CVE-2012-1823 | 4 Mar 202500:00 | – | nessus |
| RHEL 5 / 6 : php (RHSA-2012:0568) | 24 Jan 201300:00 | – | nessus |
| RHEL 5 : php53 (RHSA-2012:0547) | 8 May 201200:00 | – | nessus |
| FreeBSD : php -- vulnerability in certain CGI-based setups (60de13d5-95f0-11e1-806a-001143cd36d8) | 7 May 201200:00 | – | nessus |
| RHEL 5 : php53 (RHSA-2012:0569) | 24 Jan 201300:00 | – | nessus |
| Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120507) | 1 Aug 201200:00 | – | nessus |
| CentOS 5 / 6 : php (CESA-2012:0546) | 8 May 201200:00 | – | nessus |
| Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20120507) | 1 Aug 201200:00 | – | nessus |
10
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(58988);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/11/22");
script_cve_id("CVE-2012-1823");
script_bugtraq_id(53388);
script_xref(name:"CERT", value:"520827");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_name(english:"PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution");
script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by a
remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is earlier than 5.3.12 / 5.4.2, and as such is potentially
affected by a remote code execution and information disclosure
vulnerability.
An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker
to obtain PHP source code from the web server or to potentially
execute arbitrary code. In vulnerable configurations, PHP treats
certain query string parameters as command line arguments including
switches such as '-s', '-d', and '-c'.
Note that this vulnerability is exploitable only when PHP is used in
CGI-based configurations. Apache with 'mod_php' is not an exploitable
configuration.");
script_set_attribute(attribute:"see_also", value:"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/");
script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=61910");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/archive/2012.php#id2012-05-03-1");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.3.12");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.4.2");
script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite'
workaround is available as well.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1823");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'PHP CGI Argument Injection');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03");
script_set_attribute(attribute:"patch_publication_date", value:"2012/05/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2012-2024 Tenable Network Security, Inc.");
script_dependencies("php_version.nasl");
script_require_keys("www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:80, php:TRUE);
php = get_php_from_kb(
port : port,
exit_on_fail : TRUE
);
version = php["ver"];
source = php["src"];
backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
if (report_paranoia < 2 && backported)
audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
if (
version =~ "^[0-4]\." ||
version =~ "^5\.[0-2]($|[^0-9])" ||
version =~ "^5\.3\.([0-9]|1[01])($|[^0-9])" ||
version =~ "^5\.4\.[01]($|[^0-9])"
)
{
if (report_verbosity > 0)
{
report =
'\n Version source : '+source +
'\n Installed version : '+version+
'\n Fixed version : 5.3.12 / 5.4.2\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo04 May 2012 00:00Current
10High risk
Vulners AI Score10
CVSS27.5
CVSS39.8
EPSS0.94386