CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
Published at
2012-05-11T10:15Z
4229 days ago
Modified
2023-02-13T04:33Z
300 days ago
CWE-264
Problem type
References
| URL | Type |
|---|---|
| eindbazen.net http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ | MISC |
| www.php.net http://www.php.net/archive/2012.php#id2012-05-06-1 | MISC |
| bugs.php.net https://bugs.php.net/bug.php?id=61910 | MISC |
| VU#520827 http://www.kb.cert.org/vuls/id/520827 | CERT-VN |
| 49014 http://secunia.com/advisories/49014 | SECUNIA |
| SUSE-SU-2012:0840 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html | SUSE |
| SSRT100992 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 | HP |
| php-phpwrapperfcgi-code-exec(75652) https://exchange.xforce.ibmcloud.com/vulnerabilities/75652 | XF |
| SUSE-SU-2012:0721 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html | SUSE |
| git.php.net http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=sapi/cgi/cgi_main.c%3Bh=a7ac26f0#l1569 | MISC |
GET https://vulnerabilitydata.com/api/details/CVE-2012-2335
{
"id": "CVE-2012-2335",
"published_date": "2012-05-11T10:15Z",
"last_modified_date": "2023-02-13T04:33Z",
"assigner": "secalert@redhat.com",
"description": "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.",
"references": [
{
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"name": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"refsource": "MISC",
"tags": []
},
{
"url": "http://www.php.net/archive/2012.php#id2012-05-06-1",
"name": "http://www.php.net/archive/2012.php#id2012-05-06-1",
"refsource": "MISC",
"tags": []
},
{
"url": "https://bugs.php.net/bug.php?id=61910",
"name": "https://bugs.php.net/bug.php?id=61910",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.kb.cert.org/vuls/id/520827",
"name": "VU#520827",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
]
},
{
"url": "http://secunia.com/advisories/49014",
"name": "49014",
"refsource": "SECUNIA",
"tags": []
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html",
"name": "SUSE-SU-2012:0840",
"refsource": "SUSE",
"tags": []
},
{
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
"name": "SSRT100992",
"refsource": "HP",
"tags": []
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652",
"name": "php-phpwrapperfcgi-code-exec(75652)",
"refsource": "XF",
"tags": []
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html",
"name": "SUSE-SU-2012:0721",
"refsource": "SUSE",
"tags": []
},
{
"url": "http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=sapi/cgi/cgi_main.c%3Bh=a7ac26f0#l1569",
"name": "http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=sapi/cgi/cgi_main.c%3Bh=a7ac26f0#l1569",
"refsource": "MISC",
"tags": []
}
],
"impact": {
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"severity": "HIGH",
"exploitabilityScore": 10,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"problem_type": "CWE-264"
}