Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2012-1823
HistoryMay 03, 2012 - 12:00 a.m.

CVE-2012-1823

2012-05-0300:00:00
ubuntu.com
ubuntu.com
35

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when
configured as a CGI script (aka php-cgi), does not properly handle query
strings that lack an = (equals sign) character, which allows remote
attackers to execute arbitrary code by placing command-line options in the
query string, related to lack of skipping a certain php_getopt for the ā€˜dā€™
case.

Bugs

Notes

Author Note
mdeslaur Fix was incomplete, see CVE-2012-2311
OSVersionArchitecturePackageVersionFilename
ubuntu08.04noarchphp5< 5.2.4-2ubuntu5.24UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.15UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.8UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.7UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.1UNKNOWN
How to protect your server from attacks?

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

Related for UB:CVE-2012-1823