Lucene search

K
saintSAINT CorporationSAINT:383F4FB67DCF7CAE7E06F44A5B5DC13F
HistoryMay 15, 2012 - 12:00 a.m.

PHP CGI Query String Parameters Command Execution

2012-05-1500:00:00
SAINT Corporation
my.saintcorporation.com
156

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.915

Percentile

98.9%

Added: 05/15/2012
CVE: CVE-2012-1823
BID: 53388
OSVDB: 81633

Background

PHP is a widely used general-purpose scripting language that is especially suited for Web development.

Problem

When configured as a CGI script (aka php-cgi), PHP does not properly handle query string parameters which are passed directly to the php-cgi program. This can be exploited to execute arbitrary system commands or disclose the PHP source code.

Resolution

Upgrade PHP to version 5.4.3 or 5.3.13 or higher.

References

<http://secunia.com/advisories/49014&gt;
<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823&gt;

Limitations

This exploit has been tested against PHP 5.3.10 on Windows XP SP3 and PHP 5.4.0 on Ubuntu 11.10 Linux.

Platforms

Windows
Linux
Mac OS X

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.915

Percentile

98.9%