CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.2%
It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. This could allow a remote attacker to execute arbitrary code
running with the privilege of the web server. Configurations using
mod_php5 and FastCGI were not vulnerable.
This update addresses the issue when the PHP CGI interpreter
is configured using mod_cgi and mod_actions as described in
/usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate
configuration is used to enable PHP CGI processing, it should be
reviewed to ensure that command line arguments cannot be passed to
the PHP interpreter. Please see CVE-2012-2311 for more details and
potential mitigation approaches.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | php5-cgi | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | libapache2-mod-php5 | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-cli | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-common | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-curl | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-dev | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-gd | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-gmp | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-ldap | < 5.2.4-2ubuntu5.24 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-mhash | < 5.2.4-2ubuntu5.24 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.2%