CVE-2012-2311

2012-05-0400:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when
configured as a CGI script (aka php-cgi), does not properly handle query
strings that contain a %3D sequence but no = (equals sign) character, which
allows remote attackers to execute arbitrary code by placing command-line
options in the query string, related to lack of skipping a certain
php_getopt for the ‘d’ case. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2012-1823.

Bugs

<https://bugs.php.net/bug.php?id=61910>

Notes

Author	Note
sbeattie	Please see http://www.php.net/archive/2012.php#id2012-05-06-1 for more details when using configurations other than as described in /usr/share/doc/php5-cgi/README.Debian.gz.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.24UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.15UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.8UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.7UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.24	UNKNOWN
ubuntu	10.04	noarch	php5	< 5.3.2-1ubuntu4.15	UNKNOWN
ubuntu	11.04	noarch	php5	< 5.3.5-1ubuntu7.8	UNKNOWN
ubuntu	11.10	noarch	php5	< 5.3.6-13ubuntu3.7	UNKNOWN
ubuntu	12.04	noarch	php5	< 5.3.10-1ubuntu3.1	UNKNOWN