Executive Summary

Informations
NameCVE-2012-1823First vendor Publication2012-05-11
VendorCveLast vendor Modification2013-07-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21416
 
Oval ID: oval:org.mitre.oval:def:21416
Title: RHSA-2012:0547: php53 security update (Critical)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: patch
Reference(s): RHSA-2012:0547-00
CESA-2012:0547
CVE-2012-1823
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21394
 
Oval ID: oval:org.mitre.oval:def:21394
Title: RHSA-2012:0546: php security update (Critical)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: patch
Reference(s): RHSA-2012:0546-01
CESA-2012:0546
CVE-2012-1823
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19063
 
Oval ID: oval:org.mitre.oval:def:19063
Title: HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1823
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17864
 
Oval ID: oval:org.mitre.oval:def:17864
Title: USN-1437-1 -- php5 vulnerability
Description: Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server.
Family: unix Class: patch
Reference(s): USN-1437-1
CVE-2012-2311
CVE-2012-1823
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23798
 
Oval ID: oval:org.mitre.oval:def:23798
Title: ELSA-2012:0546: php security update (Critical)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: patch
Reference(s): ELSA-2012:0546-01
CVE-2012-1823
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23389
 
Oval ID: oval:org.mitre.oval:def:23389
Title: DEPRECATED: ELSA-2012:0546: php security update (Critical)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: patch
Reference(s): ELSA-2012:0546-01
CVE-2012-1823
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22882
 
Oval ID: oval:org.mitre.oval:def:22882
Title: ELSA-2012:0547: php53 security update (Critical)
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Family: unix Class: patch
Reference(s): ELSA-2012:0547-00
CVE-2012-1823
Version: 6
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27762
 
Oval ID: oval:org.mitre.oval:def:27762
Title: ELSA-2012-0547 -- php53 security update (critical)
Description: [5.3.3-7] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-6] - add security fix for CVE-2012-1823 (#818607)
Family: unix Class: patch
Reference(s): ELSA-2012-0547
CVE-2012-1823
Version: 3
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27715
 
Oval ID: oval:org.mitre.oval:def:27715
Title: ELSA-2012-0546 -- php security update (critical)
Description: [5.3.3-3.8] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-3.7] - add security fix for CVE-2012-1823 (#818607)
Family: unix Class: patch
Reference(s): ELSA-2012-0546
CVE-2012-1823
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application52

SAINT Exploits

DescriptionLink
PHP CGI Query String Parameters Command ExecutionMore info here

ExploitDB Exploits

idDescription
2013-10-29Apache / PHP 5.x Remote Code Execution Exploit
2013-06-05Plesk Apache Zeroday Remote Exploit
2012-05-05PHP CGI Argument Injection Exploit
2012-05-04PHP CGI Argument Injection

OpenVAS Exploits

DateDescription
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0590-1 (update)
File : nvt/gb_suse_2012_0590_1.nasl
2012-09-26Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-08-30Name : Fedora Update for maniadrive FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_php_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_php_fc17.nasl
2012-08-06Name : Fedora Update for php FEDORA-2012-10908
File : nvt/gb_fedora_2012_10908_php_fc16.nasl
2012-08-03Name : Mandriva Update for php MDVSA-2012:068 (php)
File : nvt/gb_mandriva_MDVSA_2012_068.nasl
2012-08-03Name : Mandriva Update for php MDVSA-2012:068-1 (php)
File : nvt/gb_mandriva_MDVSA_2012_068_1.nasl
2012-07-30Name : CentOS Update for php CESA-2012:0546 centos5
File : nvt/gb_CESA-2012_0546_php_centos5.nasl
2012-07-30Name : CentOS Update for php CESA-2012:0546 centos6
File : nvt/gb_CESA-2012_0546_php_centos6.nasl
2012-07-30Name : CentOS Update for php53 CESA-2012:0547 centos5
File : nvt/gb_CESA-2012_0547_php53_centos5.nasl
2012-07-30Name : CentOS Update for php CESA-2012:1045 centos5
File : nvt/gb_CESA-2012_1045_php_centos5.nasl
2012-07-30Name : CentOS Update for php CESA-2012:1046 centos6
File : nvt/gb_CESA-2012_1046_php_centos6.nasl
2012-07-30Name : CentOS Update for php53 CESA-2012:1047 centos5
File : nvt/gb_CESA-2012_1047_php53_centos5.nasl
2012-07-03Name : Fedora Update for php FEDORA-2012-9762
File : nvt/gb_fedora_2012_9762_php_fc16.nasl
2012-06-28Name : RedHat Update for php RHSA-2012:1045-01
File : nvt/gb_RHSA-2012_1045-01_php.nasl
2012-06-28Name : RedHat Update for php RHSA-2012:1046-01
File : nvt/gb_RHSA-2012_1046-01_php.nasl
2012-06-28Name : RedHat Update for php53 RHSA-2012:1047-01
File : nvt/gb_RHSA-2012_1047-01_php53.nasl
2012-05-31Name : FreeBSD Ports: php5
File : nvt/freebsd_php516.nasl
2012-05-31Name : FreeBSD Ports: php5
File : nvt/freebsd_php517.nasl
2012-05-31Name : Debian Security Advisory DSA 2465-1 (php5)
File : nvt/deb_2465_1.nasl
2012-05-28Name : Fedora Update for maniadrive FEDORA-2012-7567
File : nvt/gb_fedora_2012_7567_maniadrive_fc15.nasl
2012-05-28Name : Fedora Update for php-eaccelerator FEDORA-2012-7567
File : nvt/gb_fedora_2012_7567_php-eaccelerator_fc15.nasl
2012-05-28Name : Fedora Update for php FEDORA-2012-7567
File : nvt/gb_fedora_2012_7567_php_fc15.nasl
2012-05-28Name : Fedora Update for maniadrive FEDORA-2012-7586
File : nvt/gb_fedora_2012_7586_maniadrive_fc16.nasl
2012-05-28Name : Fedora Update for php-eaccelerator FEDORA-2012-7586
File : nvt/gb_fedora_2012_7586_php-eaccelerator_fc16.nasl
2012-05-28Name : Fedora Update for php FEDORA-2012-7586
File : nvt/gb_fedora_2012_7586_php_fc16.nasl
2012-05-08Name : RedHat Update for php RHSA-2012:0546-01
File : nvt/gb_RHSA-2012_0546-01_php.nasl
2012-05-08Name : RedHat Update for php53 RHSA-2012:0547-01
File : nvt/gb_RHSA-2012_0547-01_php53.nasl
2012-05-08Name : Ubuntu Update for php5 USN-1437-1
File : nvt/gb_ubuntu_USN_1437_1.nasl
2012-05-04Name : PHP-CGI-based setups vulnerability when parsing query string parameters from ...
File : nvt/gb_php_cgi_2012.nasl

Snort® IPS/IDS

DateDescription
2014-01-10PHP-CGI command injection attempt
RuleID : 22097 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10PHP-CGI command injection attempt
RuleID : 22064 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10PHP-CGI remote file include attempt
RuleID : 22063-community - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10PHP-CGI remote file include attempt
RuleID : 22063 - Revision : 9 - Type : SERVER-WEBAPP

Metasploit Database

idDescription
2012-05-03 PHP CGI Argument Injection

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-261.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-288.nasl - Type : ACT_GATHER_INFO
2013-11-01Name : The remote web server contains a version of PHP that allows arbitrary code ex...
File : php_cgi_remote_code_execution.nasl - Type : ACT_ATTACK
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-77.nasl - Type : ACT_GATHER_INFO
2013-07-23Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0546.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0547.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-06-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-06-07Name : The remote web server is affected by a remote PHP code code injection vulnera...
File : plesk_apache_code_execution.nasl - Type : ACT_ATTACK
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-120504.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-120504.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0568.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0569.nasl - Type : ACT_GATHER_INFO
2012-09-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-03.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_2.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120507_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120507_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-11Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-07-05Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2012-05-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-7567.nasl - Type : ACT_GATHER_INFO
2012-05-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-7586.nasl - Type : ACT_GATHER_INFO
2012-05-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-7628.nasl - Type : ACT_GATHER_INFO
2012-05-14Name : The remote web server contains a version of PHP that allows arbitrary code ex...
File : php_cgi_query_string_code_execution.nasl - Type : ACT_ATTACK
2012-05-14Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_59b68b1e9c7811e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2465.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0547.nasl - Type : ACT_GATHER_INFO
2012-05-09Name : The remote web server uses a version of PHP that is affected by a remote code...
File : php_5_3_13.nasl - Type : ACT_GATHER_INFO
2012-05-09Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_3.nasl - Type : ACT_GATHER_INFO
2012-05-09Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-8114.nasl - Type : ACT_GATHER_INFO
2012-05-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0546.nasl - Type : ACT_GATHER_INFO
2012-05-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0547.nasl - Type : ACT_GATHER_INFO
2012-05-08Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0546.nasl - Type : ACT_GATHER_INFO
2012-05-07Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1437-1.nasl - Type : ACT_GATHER_INFO
2012-05-07Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_60de13d595f011e1806a001143cd36d8.nasl - Type : ACT_GATHER_INFO
2012-05-07Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-068.nasl - Type : ACT_GATHER_INFO
2012-05-04Name : The remote web server uses a version of PHP that is affected by a remote code...
File : php_5_4_2.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
CERT-VNhttp://www.kb.cert.org/vuls/id/520827
http://www.kb.cert.org/vuls/id/673343
CONFIRMhttp://support.apple.com/kb/HT5501
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.4.2
https://bugs.php.net/bug.php?id=61910
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&re...
HPhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://marc.info/?l=bugtraq&m=134012830914727&w=2
MISChttp://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
REDHAThttp://rhn.redhat.com/errata/RHSA-2012-0546.html
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://rhn.redhat.com/errata/RHSA-2012-0568.html
SECTRACKhttp://www.securitytracker.com/id?1027022
SECUNIAhttp://secunia.com/advisories/49014
http://secunia.com/advisories/49065
http://secunia.com/advisories/49085
http://secunia.com/advisories/49087

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2014-06-14 13:32:41
  • Multiple Updates
2014-02-17 11:09:20
  • Multiple Updates
2014-01-19 21:28:36
  • Multiple Updates
2013-11-03 17:19:10
  • Multiple Updates
2013-07-20 13:19:14
  • Multiple Updates
2013-05-10 22:36:59
  • Multiple Updates