CVE-2012-1823
11.05.2012, 10:15
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 𝑥 < 5.3.12 |
| php | php | 5.4.0 ≤ 𝑥 < 5.4.2 |
| debian | debian_linux | 6.0 |
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| apple | mac_os_x | 10.6.8 ≤ 𝑥 < 10.7.5 |
| apple | mac_os_x | 10.8.0 ≤ 𝑥 < 10.8.2 |
| redhat | application_stack | 2.0 |
| redhat | gluster_storage_server_for_on-premise | 2.0 |
| redhat | storage | 2.0 |
| redhat | storage_for_public_cloud | 2.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 5.6 |
| redhat | enterprise_linux_eus | 6.1 |
| redhat | enterprise_linux_eus | 6.2 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_aus | 5.3 |
| redhat | enterprise_linux_server_aus | 5.6 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 6.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| php |
| ||
| php-bcmath |
| ||
| php-cli |
| ||
| php-common |
| ||
| php-dba |
| ||
| php-devel |
| ||
| php-embedded |
| ||
| php-enchant |
| ||
| php-gd |
| ||
| php-imap |
| ||
| php-intl |
| ||
| php-ldap |
| ||
| php-mbstring |
| ||
| php-mysql |
| ||
| php-odbc |
| ||
| php-pdo |
| ||
| php-pgsql |
| ||
| php-process |
| ||
| php-pspell |
| ||
| php-recode |
| ||
| php-snmp |
| ||
| php-soap |
| ||
| php-tidy |
| ||
| php-xml |
| ||
| php-xmlrpc |
| ||
| php-zts |
|
References