CVE-2012-1823 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Reserved 2012-03-21 | Published 2012-05-11 | Updated 2025-02-07 | Assigner certcc

CISA Known Exploited Vulnerability

Date added 2022-03-25 | Due date 2022-04-15

Apply updates per vendor instructions.

References

marc.info/?l=bugtraq&m=134012830914727&w=2 (SSRT100856) vendor-advisory

lists.opensuse.org/...ecurity-announce/2012-05/msg00011.html (SUSE-SU-2012:0604) vendor-advisory

www.securitytracker.com/id?1027022 (1027022) vdb-entry

h20000.www2.hp.com/...upport/Document.jsp?objectID=c03360041 (HPSBMU02786) vendor-advisory

www.mandriva.com/security/advisories?name=MDVSA-2012:068 (MDVSA-2012:068) vendor-advisory

lists.opensuse.org/...ecurity-announce/2012-05/msg00002.html (openSUSE-SU-2012:0590) vendor-advisory

rhn.redhat.com/errata/RHSA-2012-0546.html (RHSA-2012:0546) vendor-advisory

rhn.redhat.com/errata/RHSA-2012-0568.html (RHSA-2012:0568) vendor-advisory

rhn.redhat.com/errata/RHSA-2012-0569.html (RHSA-2012:0569) vendor-advisory

www.php.net/ChangeLog-5.php

secunia.com/advisories/49014 (49014) third-party-advisory

rhn.redhat.com/errata/RHSA-2012-0570.html (RHSA-2012:0570) vendor-advisory

lists.opensuse.org/...ecurity-announce/2012-05/msg00007.html (SUSE-SU-2012:0598) vendor-advisory

bugs.php.net/bug.php?id=61910

www.kb.cert.org/vuls/id/673343 (VU#673343) third-party-advisory

rhn.redhat.com/errata/RHSA-2012-0547.html (RHSA-2012:0547) vendor-advisory

lists.apple.com/.../security-announce/2012/Sep/msg00004.html (APPLE-SA-2012-09-19-2) vendor-advisory

support.apple.com/kb/HT5501

eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

secunia.com/advisories/49065 (49065) third-party-advisory

www.kb.cert.org/vuls/id/520827 (VU#520827) third-party-advisory

bugs.php.net/...patch=cgi.diff&revision=1335984315&display=1

h20000.www2.hp.com/...upport/Document.jsp?objectID=c03360041 (SSRT100877) vendor-advisory

marc.info/?l=bugtraq&m=134012830914727&w=2 (HPSBUX02791) vendor-advisory

www.debian.org/security/2012/dsa-2465 (DSA-2465) vendor-advisory

secunia.com/advisories/49085 (49085) third-party-advisory

www.php.net/archive/2012.php

secunia.com/advisories/49087 (49087) third-party-advisory

www.openwall.com/lists/oss-security/2024/06/07/1 ([oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29) mailing-list

lists.fedoraproject.org/...PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ (FEDORA-2024-49aba7b305) vendor-advisory

lists.fedoraproject.org/...W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ (FEDORA-2024-52c23ef1ec) vendor-advisory

cve.org (CVE-2012-1823)

nvd.nist.gov (CVE-2012-1823)

Download JSON

https://cve.threatint.eu/CVE/CVE-2012-1823

Support options

Helpdesk Chat, Email, Knowledgebase