Lucene search

K
ubuntu
UbuntuUSN-1437-1
HistoryMay 04, 2012 - 12:00 a.m.

PHP vulnerability

2012-05-0400:00:00
ubuntu.com
54

10 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • php5 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. This could allow a remote attacker to execute arbitrary code
running with the privilege of the web server. Configurations using
mod_php5 and FastCGI were not vulnerable.

This update addresses the issue when the PHP CGI interpreter
is configured using mod_cgi and mod_actions as described in
/usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate
configuration is used to enable PHP CGI processing, it should be
reviewed to ensure that command line arguments cannot be passed to
the PHP interpreter. Please see CVE-2012-2311 for more details and
potential mitigation approaches.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchphp5-cgi< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchlibapache2-mod-php5< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-cli< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-common< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-curl< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-dev< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-gd< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-gmp< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-ldap< 5.2.4-2ubuntu5.24UNKNOWN
Ubuntu8.04noarchphp5-mhash< 5.2.4-2ubuntu5.24UNKNOWN
Rows per page:
1-10 of 1211
How to protect your server from attacks?

10 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

Related for USN-1437-1