CVE-2012-1823 - Vulnerability Details

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is in the KEV database since March 25, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Apple	Mac Os X
Debian	Debian Linux
Fedoraproject	Fedora
Hp	Hp-ux
Opensuse	Opensuse
Php	Php
Redhat	Application Stack Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Workstation Gluster Storage Server For On-premise Rhel Eus Rhel Mission Critical Storage Storage For Public Cloud
Suse	Linux Enterprise Server Linux Enterprise Software Development Kit

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:hp:hp-ux:b.11.23:::::::*
	cpe:2.3:o:hp:hp-ux:b.11.31:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::

Configuration 6 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 7 [-]

OR	cpe:2.3:a:redhat:application_stack:2.0:::::::*
	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:::::::*
	cpe:2.3:a:redhat:storage:2.0:::::::*
	cpe:2.3:a:redhat:storage_for_public_cloud:2.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:5.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
php-0:5.1.6-34.el5_8	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:0546	2012-05-07T00:00:00Z
php53-0:5.3.3-7.el5_8	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:0547	2012-05-07T00:00:00Z
Red Hat Enterprise Linux 5.3 Long Life
php-0:5.1.6-23.3.el5_3	cpe:/o:redhat:rhel_mission_critical:5.3	RHSA-2012:0568	2012-05-10T00:00:00Z
Red Hat Enterprise Linux 5.6 EUS - Server Only
php-0:5.1.6-27.el5_6.4	cpe:/o:redhat:rhel_eus:5.6	RHSA-2012:0568	2012-05-10T00:00:00Z
php53-0:5.3.3-1.el5_6.2	cpe:/o:redhat:rhel_eus:5.6	RHSA-2012:0569	2012-05-10T00:00:00Z
Red Hat Enterprise Linux 6
php-0:5.3.3-3.el6_2.8	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0546	2012-05-07T00:00:00Z
Red Hat Enterprise Linux 6.0 EUS - Server Only
php-0:5.3.2-6.el6_0.2	cpe:/o:redhat:rhel_eus:6.0	RHSA-2012:0568	2012-05-10T00:00:00Z
Red Hat Enterprise Linux 6.1 EUS - Server Only
php-0:5.3.3-3.el6_1.4	cpe:/o:redhat:rhel_eus:6.1	RHSA-2012:0568	2012-05-10T00:00:00Z

References

Link	Providers
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://rhn.redhat.com/errata/RHSA-2012-0546.html
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://rhn.redhat.com/errata/RHSA-2012-0568.html
http://rhn.redhat.com/errata/RHSA-2012-0569.html
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://secunia.com/advisories/49014
http://secunia.com/advisories/49065
http://secunia.com/advisories/49085
http://secunia.com/advisories/49087
http://support.apple.com/kb/HT5501
http://www.debian.org/security/2012/dsa-2465
http://www.kb.cert.org/vuls/id/520827
http://www.kb.cert.org/vuls/id/673343
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://www.openwall.com/lists/oss-security/2024/06/07/1
http://www.php.net/ChangeLog-5.php#5.4.2
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.securitytracker.com/id?1027022
https://bugs.php.net/bug.php?id=61910
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
https://nvd.nist.gov/vuln/detail/CVE-2012-1823
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2012-1823

History

Fri, 07 Feb 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-25'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 06 Jan 2025 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	NVD-CWE-noinfo	CWE-77

Tue, 13 Aug 2024 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-05-11T10:00:00.000Z

Updated: 2025-02-07T13:17:23.648Z

Reserved: 2012-03-21T00:00:00.000Z

Link: CVE-2012-1823

Vulnrichment

Updated: 2024-08-06T19:08:38.505Z

NVD

Status : Deferred

Published: 2012-05-11T10:15:48.043

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1823

Redhat

Severity : Critical

Publid Date: 2012-05-03T00:00:00Z

Links: CVE-2012-1823 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2012-1823", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "dateUpdated": "2025-02-07T13:17:23.648Z", "dateReserved": "2012-03-21T00:00:00.000Z", "datePublished": "2012-05-11T10:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-06-13T04:06:14.603Z"}, "descriptions": [{"lang": "en", "value": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "SSRT100856", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"name": "SUSE-SU-2012:0604", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"}, {"name": "1027022", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id?1027022"}, {"name": "HPSBMU02786", "tags": ["vendor-advisory"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"name": "MDVSA-2012:068", "tags": ["vendor-advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068"}, {"name": "openSUSE-SU-2012:0590", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"}, {"name": "RHSA-2012:0546", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html"}, {"name": "RHSA-2012:0568", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html"}, {"name": "RHSA-2012:0569", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html"}, {"url": "http://www.php.net/ChangeLog-5.php#5.4.2"}, {"name": "49014", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/49014"}, {"name": "RHSA-2012:0570", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html"}, {"name": "SUSE-SU-2012:0598", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"}, {"url": "https://bugs.php.net/bug.php?id=61910"}, {"name": "VU#673343", "tags": ["third-party-advisory"], "url": "http://www.kb.cert.org/vuls/id/673343"}, {"name": "RHSA-2012:0547", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html"}, {"name": "APPLE-SA-2012-09-19-2", "tags": ["vendor-advisory"], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"}, {"url": "http://support.apple.com/kb/HT5501"}, {"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"}, {"name": "49065", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/49065"}, {"name": "VU#520827", "tags": ["third-party-advisory"], "url": "http://www.kb.cert.org/vuls/id/520827"}, {"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1"}, {"name": "SSRT100877", "tags": ["vendor-advisory"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"name": "HPSBUX02791", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"name": "DSA-2465", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2012/dsa-2465"}, {"name": "49085", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/49085"}, {"url": "http://www.php.net/archive/2012.php#id2012-05-03-1"}, {"name": "49087", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/49087"}, {"name": "[oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"name": "FEDORA-2024-49aba7b305", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"name": "FEDORA-2024-52c23ef1ec", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2012-05-03T00:00:00.000Z"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:08:38.505Z"}, "title": "CVE Program Container", "references": [{"name": "SSRT100856", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"name": "SUSE-SU-2012:0604", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"}, {"name": "1027022", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id?1027022"}, {"name": "HPSBMU02786", "tags": ["vendor-advisory", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"name": "MDVSA-2012:068", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068"}, {"name": "openSUSE-SU-2012:0590", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"}, {"name": "RHSA-2012:0546", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html"}, {"name": "RHSA-2012:0568", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html"}, {"name": "RHSA-2012:0569", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html"}, {"url": "http://www.php.net/ChangeLog-5.php#5.4.2", "tags": ["x_transferred"]}, {"name": "49014", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/49014"}, {"name": "RHSA-2012:0570", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html"}, {"name": "SUSE-SU-2012:0598", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"}, {"url": "https://bugs.php.net/bug.php?id=61910", "tags": ["x_transferred"]}, {"name": "VU#673343", "tags": ["third-party-advisory", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/673343"}, {"name": "RHSA-2012:0547", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html"}, {"name": "APPLE-SA-2012-09-19-2", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"}, {"url": "http://support.apple.com/kb/HT5501", "tags": ["x_transferred"]}, {"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", "tags": ["x_transferred"]}, {"name": "49065", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/49065"}, {"name": "VU#520827", "tags": ["third-party-advisory", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/520827"}, {"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1", "tags": ["x_transferred"]}, {"name": "SSRT100877", "tags": ["vendor-advisory", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"name": "HPSBUX02791", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"name": "DSA-2465", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2465"}, {"name": "49085", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/49085"}, {"url": "http://www.php.net/archive/2012.php#id2012-05-03-1", "tags": ["x_transferred"]}, {"name": "49087", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/49087"}, {"name": "[oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"name": "FEDORA-2024-49aba7b305", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"name": "FEDORA-2024-52c23ef1ec", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2012-1823", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:10:55.600294Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1823"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:17:23.648Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2", "name": "SSRT100856", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html", "name": "SUSE-SU-2012:0604", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1027022", "name": "1027022", "tags": ["vdb-entry", "x_transferred"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "name": "HPSBMU02786", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068", "name": "MDVSA-2012:068", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html", "name": "openSUSE-SU-2012:0590", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html", "name": "RHSA-2012:0546", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html", "name": "RHSA-2012:0568", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html", "name": "RHSA-2012:0569", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.php.net/ChangeLog-5.php#5.4.2", "tags": ["x_transferred"]}, {"url": "http://secunia.com/advisories/49014", "name": "49014", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html", "name": "RHSA-2012:0570", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html", "name": "SUSE-SU-2012:0598", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://bugs.php.net/bug.php?id=61910", "tags": ["x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/673343", "name": "VU#673343", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html", "name": "RHSA-2012:0547", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", "name": "APPLE-SA-2012-09-19-2", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://support.apple.com/kb/HT5501", "tags": ["x_transferred"]}, {"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", "tags": ["x_transferred"]}, {"url": "http://secunia.com/advisories/49065", "name": "49065", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/520827", "name": "VU#520827", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1", "tags": ["x_transferred"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "name": "SSRT100877", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2", "name": "HPSBUX02791", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.debian.org/security/2012/dsa-2465", "name": "DSA-2465", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://secunia.com/advisories/49085", "name": "49085", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://www.php.net/archive/2012.php#id2012-05-03-1", "tags": ["x_transferred"]}, {"url": "http://secunia.com/advisories/49087", "name": "49087", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "name": "[oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "name": "FEDORA-2024-49aba7b305", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "name": "FEDORA-2024-52c23ef1ec", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:08:38.505Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2012-1823", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:10:55.600294Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1823"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:10:53.802Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-03T00:00:00.000Z", "references": [{"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2", "name": "SSRT100856", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html", "name": "SUSE-SU-2012:0604", "tags": ["vendor-advisory"]}, {"url": "http://www.securitytracker.com/id?1027022", "name": "1027022", "tags": ["vdb-entry"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "name": "HPSBMU02786", "tags": ["vendor-advisory"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068", "name": "MDVSA-2012:068", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html", "name": "openSUSE-SU-2012:0590", "tags": ["vendor-advisory"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html", "name": "RHSA-2012:0546", "tags": ["vendor-advisory"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html", "name": "RHSA-2012:0568", "tags": ["vendor-advisory"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html", "name": "RHSA-2012:0569", "tags": ["vendor-advisory"]}, {"url": "http://www.php.net/ChangeLog-5.php#5.4.2"}, {"url": "http://secunia.com/advisories/49014", "name": "49014", "tags": ["third-party-advisory"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html", "name": "RHSA-2012:0570", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html", "name": "SUSE-SU-2012:0598", "tags": ["vendor-advisory"]}, {"url": "https://bugs.php.net/bug.php?id=61910"}, {"url": "http://www.kb.cert.org/vuls/id/673343", "name": "VU#673343", "tags": ["third-party-advisory"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html", "name": "RHSA-2012:0547", "tags": ["vendor-advisory"]}, {"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", "name": "APPLE-SA-2012-09-19-2", "tags": ["vendor-advisory"]}, {"url": "http://support.apple.com/kb/HT5501"}, {"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"}, {"url": "http://secunia.com/advisories/49065", "name": "49065", "tags": ["third-party-advisory"]}, {"url": "http://www.kb.cert.org/vuls/id/520827", "name": "VU#520827", "tags": ["third-party-advisory"]}, {"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041", "name": "SSRT100877", "tags": ["vendor-advisory"]}, {"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2", "name": "HPSBUX02791", "tags": ["vendor-advisory"]}, {"url": "http://www.debian.org/security/2012/dsa-2465", "name": "DSA-2465", "tags": ["vendor-advisory"]}, {"url": "http://secunia.com/advisories/49085", "name": "49085", "tags": ["third-party-advisory"]}, {"url": "http://www.php.net/archive/2012.php#id2012-05-03-1"}, {"url": "http://secunia.com/advisories/49087", "name": "49087", "tags": ["third-party-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "name": "[oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "name": "FEDORA-2024-49aba7b305", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "name": "FEDORA-2024-52c23ef1ec", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-06-13T04:06:14.603Z"}}}, "cveMetadata": {"cveId": "CVE-2012-1823", "state": "PUBLISHED", "dateUpdated": "2025-02-07T13:17:23.648Z", "dateReserved": "2012-03-21T00:00:00.000Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2012-05-11T10:00:00.000Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "PHP-CGI Query String Parameter Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7565237-10C7-44C5-BFA0-24C84E7B10C3", "versionEndExcluding": "5.3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2DD924-DBE9-438D-B5D9-60840046CA08", "versionEndExcluding": "5.4.2", "versionStartIncluding": "5.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*", "matchCriteriaId": "12C73959-3E02-4847-8962-651D652800EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", "matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF149F33-4D3B-4252-8D96-AB912B2DEB43", "versionEndExcluding": "10.7.5", "versionStartIncluding": "10.6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "283B3DF2-DAFA-4333-B3CF-181ACD635137", "versionEndExcluding": "10.8.2", "versionStartIncluding": "10.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "847A353B-833B-4A2A-8B87-2C6BA88A8CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BEEC943-452C-4A19-B492-5EC8ADE427CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB6ADFB8-210D-4E46-82A2-1C8705928382", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case."}, {"lang": "es", "value": "sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (tambi\u00e9n conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un car\u00e1cter = (signo igual), lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la colocaci\u00f3n de l\u00ednea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'."}], "id": "CVE-2012-1823", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2012-05-11T10:15:48.043", "references": [{"source": "cret@cert.org", "tags": ["Broken Link", "Exploit"], "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49014"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49065"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49085"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49087"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5501"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2465"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/520827"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/673343"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"source": "cret@cert.org", "tags": ["Exploit", "Patch", "Release Notes"], "url": "http://www.php.net/ChangeLog-5.php#5.4.2"}, {"source": "cret@cert.org", "tags": ["Release Notes"], "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"}, {"source": "cret@cert.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1027022"}, {"source": "cret@cert.org", "tags": ["Exploit", "Patch"], "url": "https://bugs.php.net/bug.php?id=61910"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit"], "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0547.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0568.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0569.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0570.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/49087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/520827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/673343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Release Notes"], "url": "http://www.php.net/ChangeLog-5.php#5.4.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1027022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugs.php.net/bug.php?id=61910"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0546", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "php-0:5.1.6-34.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-05-07T00:00:00Z"}, {"advisory": "RHSA-2012:0547", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "php53-0:5.3.3-7.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-05-07T00:00:00Z"}, {"advisory": "RHSA-2012:0568", "cpe": "cpe:/o:redhat:rhel_mission_critical:5.3", "package": "php-0:5.1.6-23.3.el5_3", "product_name": "Red Hat Enterprise Linux 5.3 Long Life", "release_date": "2012-05-10T00:00:00Z"}, {"advisory": "RHSA-2012:0568", "cpe": "cpe:/o:redhat:rhel_eus:5.6", "package": "php-0:5.1.6-27.el5_6.4", "product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only", "release_date": "2012-05-10T00:00:00Z"}, {"advisory": "RHSA-2012:0569", "cpe": "cpe:/o:redhat:rhel_eus:5.6", "package": "php53-0:5.3.3-1.el5_6.2", "product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only", "release_date": "2012-05-10T00:00:00Z"}, {"advisory": "RHSA-2012:0546", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "php-0:5.3.3-3.el6_2.8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-05-07T00:00:00Z"}, {"advisory": "RHSA-2012:0568", "cpe": "cpe:/o:redhat:rhel_eus:6.0", "package": "php-0:5.3.2-6.el6_0.2", "product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only", "release_date": "2012-05-10T00:00:00Z"}, {"advisory": "RHSA-2012:0568", "cpe": "cpe:/o:redhat:rhel_eus:6.1", "package": "php-0:5.3.3-3.el6_1.4", "product_name": "Red Hat Enterprise Linux 6.1 EUS - Server Only", "release_date": "2012-05-10T00:00:00Z"}], "bugzilla": {"description": "php: command line arguments injection when run in CGI mode (VU#520827)", "id": "818607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=818607"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case."], "name": "CVE-2012-1823", "package_state": [{"cpe": "cpe:/a:redhat:rhel_application_stack:2", "fix_state": "Affected", "package_name": "php", "product_name": "Red Hat Application Stack v2 for Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.3", "fix_state": "Affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.3"}], "public_date": "2012-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1823\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1823\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This flaw did not affect the versions of PHP in Red Hat Enterprise Linux 3 or 4. Updates were released for Red Hat Enterprise Linux 5 and 6 (RHSA-2012:0546, RHSA-2012:0547), Red Hat Enterprise Linux 5.3 Long Life (RHSA-2012:0568), Red Hat Enterprise Linux 5.6, 6.0, and 6.1 Extended Update Support (RHSA-2012:0568, RHSA-2012:0569), and Red Hat Application Stack v2 (RHSA-2012:0570).\nThis flaw only affected PHP CGI configurations and it did not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.\nNote that this issue was not fixed completely the first time, which resulted in the assignment of additional related CVE identifiers - CVE-2012-2311, CVE-2012-2335, and CVE-2012-2336. Refer to the Red Hat CVE Database and the Red Hat Bugzilla for additional information on how those CVEs affect Red Hat products.", "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object