7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.937 High
EPSS
Percentile
99.1%
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when
configured as a CGI script (aka php-cgi), does not properly handle query
strings that contain a %3D sequence but no = (equals sign) character, which
allows remote attackers to execute arbitrary code by placing command-line
options in the query string, related to lack of skipping a certain
php_getopt for the ‘d’ case. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2012-1823.
Author | Note |
---|---|
sbeattie | Please see http://www.php.net/archive/2012.php#id2012-05-06-1 for more details when using configurations other than as described in /usr/share/doc/php5-cgi/README.Debian.gz. |
eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
www.php-security.net/archives/11-Mitigation-for-CVE-2012-1823-CVE-2012-2311.html
www.php.net/archive/2012.php#id2012-05-06-1
launchpad.net/bugs/cve/CVE-2012-2311
nvd.nist.gov/vuln/detail/CVE-2012-2311
security-tracker.debian.org/tracker/CVE-2012-2311
ubuntu.com/security/notices/USN-1437-1
www.cve.org/CVERecord?id=CVE-2012-2311