Vulnerability Data

by Reconmap

CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Published at
2012-05-11T10:15Z
4229 days ago
Modified
2018-01-18T02:29Z
2152 days ago
CWE-20
Problem type

References


URLType
bugs.php.net
https://bugs.php.net/bug.php?id=61910		CONFIRM
www.php.net
http://www.php.net/ChangeLog-5.php#5.4.2		CONFIRM
www.php.net
http://www.php.net/archive/2012.php#id2012-05-03-1		CONFIRM
eindbazen.net
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/		MISC
bugs.php.net
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1		CONFIRM
VU#520827
http://www.kb.cert.org/vuls/id/520827		CERT-VN
RHSA-2012:0568
http://rhn.redhat.com/errata/RHSA-2012-0568.html		REDHAT
RHSA-2012:0547
http://rhn.redhat.com/errata/RHSA-2012-0547.html		REDHAT
RHSA-2012:0546
http://rhn.redhat.com/errata/RHSA-2012-0546.html		REDHAT
49014
http://secunia.com/advisories/49014		SECUNIA
49087
http://secunia.com/advisories/49087		SECUNIA
49065
http://secunia.com/advisories/49065		SECUNIA
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041		HP
SSRT100856
http://marc.info/?l=bugtraq&m=134012830914727&w=2		HP
APPLE-SA-2012-09-19-2
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html		APPLE
support.apple.com
http://support.apple.com/kb/HT5501		CONFIRM
1027022
http://www.securitytracker.com/id?1027022		SECTRACK
49085
http://secunia.com/advisories/49085		SECUNIA
VU#673343
http://www.kb.cert.org/vuls/id/673343		CERT-VN
MDVSA-2012:068
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068		MANDRIVA
RHSA-2012:0570
http://rhn.redhat.com/errata/RHSA-2012-0570.html		REDHAT
RHSA-2012:0569
http://rhn.redhat.com/errata/RHSA-2012-0569.html		REDHAT
openSUSE-SU-2012:0590
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html		SUSE
DSA-2465
http://www.debian.org/security/2012/dsa-2465		DEBIAN
SUSE-SU-2012:0604
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html		SUSE
SUSE-SU-2012:0598
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html		SUSE

GET https://vulnerabilitydata.com/api/details/CVE-2012-1823

{
	"id": "CVE-2012-1823",
	"published_date": "2012-05-11T10:15Z",
	"last_modified_date": "2018-01-18T02:29Z",
	"assigner": "cert@cert.org",
	"description": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.",
	"references": [
		{
			"url": "https://bugs.php.net/bug.php?id=61910",
			"name": "https://bugs.php.net/bug.php?id=61910",
			"refsource": "CONFIRM",
			"tags": [
				"Exploit",
				"Patch"
			]
		},
		{
			"url": "http://www.php.net/ChangeLog-5.php#5.4.2",
			"name": "http://www.php.net/ChangeLog-5.php#5.4.2",
			"refsource": "CONFIRM",
			"tags": [
				"Exploit",
				"Patch"
			]
		},
		{
			"url": "http://www.php.net/archive/2012.php#id2012-05-03-1",
			"name": "http://www.php.net/archive/2012.php#id2012-05-03-1",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
			"name": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
			"refsource": "MISC",
			"tags": [
				"Exploit"
			]
		},
		{
			"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1",
			"name": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.kb.cert.org/vuls/id/520827",
			"name": "VU#520827",
			"refsource": "CERT-VN",
			"tags": [
				"Exploit",
				"US Government Resource"
			]
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html",
			"name": "RHSA-2012:0568",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html",
			"name": "RHSA-2012:0547",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html",
			"name": "RHSA-2012:0546",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/49014",
			"name": "49014",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/49087",
			"name": "49087",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/49065",
			"name": "49065",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
			"name": "HPSBMU02786",
			"refsource": "HP",
			"tags": []
		},
		{
			"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2",
			"name": "SSRT100856",
			"refsource": "HP",
			"tags": []
		},
		{
			"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
			"name": "APPLE-SA-2012-09-19-2",
			"refsource": "APPLE",
			"tags": []
		},
		{
			"url": "http://support.apple.com/kb/HT5501",
			"name": "http://support.apple.com/kb/HT5501",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.securitytracker.com/id?1027022",
			"name": "1027022",
			"refsource": "SECTRACK",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/49085",
			"name": "49085",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://www.kb.cert.org/vuls/id/673343",
			"name": "VU#673343",
			"refsource": "CERT-VN",
			"tags": [
				"US Government Resource"
			]
		},
		{
			"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068",
			"name": "MDVSA-2012:068",
			"refsource": "MANDRIVA",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html",
			"name": "RHSA-2012:0570",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html",
			"name": "RHSA-2012:0569",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html",
			"name": "openSUSE-SU-2012:0590",
			"refsource": "SUSE",
			"tags": []
		},
		{
			"url": "http://www.debian.org/security/2012/dsa-2465",
			"name": "DSA-2465",
			"refsource": "DEBIAN",
			"tags": []
		},
		{
			"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html",
			"name": "SUSE-SU-2012:0604",
			"refsource": "SUSE",
			"tags": []
		},
		{
			"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html",
			"name": "SUSE-SU-2012:0598",
			"refsource": "SUSE",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
				"accessVector": "NETWORK",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "PARTIAL",
				"integrityImpact": "PARTIAL",
				"availabilityImpact": "PARTIAL",
				"baseScore": 7.5
			},
			"severity": "HIGH",
			"exploitabilityScore": 10,
			"impactScore": 6.4,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-20"
}