Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2012-2336
HistoryMay 11, 2012 - 12:00 a.m.

CVE-2012-2336

2012-05-1100:00:00
ubuntu.com
ubuntu.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.035 Low

EPSS

Percentile

91.3%

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when
configured as a CGI script (aka php-cgi), does not properly handle query
strings that lack an = (equals sign) character, which allows remote
attackers to cause a denial of service (resource consumption) by placing
command-line options in the query string, related to lack of skipping a
certain php_getopt for the ‘T’ case. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2012-1823.

Notes

Author Note
sbeattie -t is a DoS issue
mdeslaur same fix as CVE-2012-2335
OSVersionArchitecturePackageVersionFilename
ubuntu08.04noarchphp5< 5.2.4-2ubuntu5.25UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.17UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.10UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.8UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.2UNKNOWN
How to protect your server from attacks?

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.035 Low

EPSS

Percentile

91.3%

Related for UB:CVE-2012-2336