Lucene search
Ubuntu.comUB:CVE-2012-2336HistoryMay 11, 2012 - 12:00 a.m.
CVE-2012-2336
2012-05-1100:00:00
ubuntu.com
ubuntu.com
19
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.035 Low
EPSS
Percentile
91.5%
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when
configured as a CGI script (aka php-cgi), does not properly handle query
strings that lack an = (equals sign) character, which allows remote
attackers to cause a denial of service (resource consumption) by placing
command-line options in the query string, related to lack of skipping a
certain php_getopt for the βTβ case. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2012-1823.
Notes
| Author | Note |
|---|---|
| sbeattie | -t is a DoS issue |
| mdeslaur | same fix as CVE-2012-2335 |
Related
nessus
nessus
openSUSE Security Update : php5 (openSUSE-2012-288)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2012:068-1)
2012-05-07 00:00:00
PHP 5.3.x < 5.3.13 CGI Query String Code Execution
2012-05-09 00:00:00
openvas
openvas
Mandriva Update for php MDVSA-2012:068-1 (php)
2012-08-03 00:00:00
Mandriva Update for php MDVSA-2012:068-1 (php)
2012-08-03 00:00:00
prion
prion
Design/Logic Flaw
2012-05-11 10:15:00
Design/Logic Flaw
2012-05-11 10:15:00
Design/Logic Flaw
2012-05-11 10:15:00
suse
suse
Security update for PHP5 (important)
2012-06-09 01:08:41
Security update for PHP5 (important)
2012-07-05 03:08:30
update for php5 (critical)
2012-05-07 16:08:55
cve
cve
checkpoint_advisories
checkpoint_advisories
exploitdb
exploitdb
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2)
2013-11-01 00:00:00
Plesk < 9.5.4 - Remote Command Execution
2013-06-05 00:00:00
PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection
2012-05-05 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2012-05-24 00:00:00
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
2012-05-24 00:00:00
thn
thn
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability
2013-11-30 09:08:00
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability
2013-11-30 20:08:00
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies
2014-03-19 22:26:00
symantec
symantec
PHP 'php-cgi' Information Disclosure Vulnerability
2012-05-04 00:00:00
saint
saint
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
cert
cert
Parallels Plesk Panel phppath/php vulnerability
2013-06-07 00:00:00
PHP-CGI query string parameter vulnerability
2012-05-03 00:00:00
centos
centos
php security update
2012-05-07 21:09:19
php53 security update
2012-05-07 23:01:16
php security update
2012-06-27 20:21:47
amazon
amazon
Critical: php
2012-05-09 14:54:00
oraclelinux
oraclelinux
php security update
2012-05-07 00:00:00
php53 security update
2012-05-07 00:00:00
seebug
seebug
Apache / PHP 5.x - cgi-bin Remote Code Execution Exploit
2014-07-01 00:00:00
Plesk < 9.5.4 - Zeroday Remote Exploit
2014-07-01 00:00:00
PHP CGI Argument Injection
2014-07-01 00:00:00
packetstorm
packetstorm
PHP CGI Argument Injection
2012-05-06 00:00:00
PHP-CGI Argument Injection Remote Code Execution
2012-12-24 00:00:00
PHP CGI Argument Injection
2012-05-22 00:00:00
threatpost
threatpost
FEMA: State, Local Officials Not Prepared to Respond to Cyberattack
2012-05-04 15:25:34
Exploits for Two-Year-Old PHP Security Vulnerability Found
2014-03-19 12:12:20
U.S. Cyber Command Using Classified Intel To Scare CEOs To Action
2012-05-09 18:39:14
redhat
redhat
(RHSA-2012:0568) Critical: php security update
2012-05-10 00:00:00
(RHSA-2012:0569) Critical: php53 security update
2012-05-10 00:00:00
(RHSA-2012:0570) Critical: php security update
2012-05-11 00:00:00
exploitpack
exploitpack
PHP 5.3.12 5.4.2 - CGI Argument Injection
2012-05-05 00:00:00
Apache + PHP 5.3.12 5.4.2 - cgi-bin Remote Code Execution
2013-10-29 00:00:00
Plesk 9.5.4 - Remote Command Execution
2013-06-05 00:00:00
freebsd
freebsd
php -- vulnerability in certain CGI-based setups
2012-05-03 00:00:00
php -- multiple vulnerabilities
2012-05-08 00:00:00
metasploit
metasploit
PHP CGI Argument Injection
2012-05-09 16:01:15
attackerkb
attackerkb
CVE-2012-1823
2012-05-11 00:00:00
CVE-2013-4878
2013-07-18 00:00:00
cisa_kev
cisa_kev
PHP-CGI Query String Parameter Vulnerability
2022-03-25 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:51:10
Arbitrary Code Execution
2019-05-02 04:42:12
Denial Of Service (DoS)
2019-05-02 04:42:12
zdt
zdt
Apache Magicka Remote Code Execution Vulnerability
2013-10-31 00:00:00
canvas
canvas
Immunity Canvas: PHP_CGI_REMOTE
2012-05-11 10:15:00
nuclei
nuclei
PHP CGI v5.3.12/5.4.2 Remote Code Execution
2021-07-20 09:32:27
ubuntu
ubuntu
PHP vulnerabilities
2012-06-19 00:00:00
PHP vulnerability
2012-05-04 00:00:00
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.5
2012-05-27 01:52:21
[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.5
2012-05-27 07:21:55
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.5
2012-05-27 07:21:55
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.035 Low
EPSS
Percentile
91.5%
Related for UB:CVE-2012-2336