PT-2012-1223 · Php+3 · Php+3

Publicado

2012-05-11

Atualizado

2024-06-15

CVE-2012-2336

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.13 PHP versions 5.4.x prior to 5.4.3

Description The issue is related to the handling of query strings that lack an equals sign character in the sapi/cgi/cgi main.c component of PHP, when configured as a CGI script. This allows remote attackers to cause a denial of service by placing command-line options in the query string. The problem arises from an incomplete fix for a previous issue.

Recommendations For PHP versions prior to 5.3.13, update to version 5.3.13 or later. For PHP versions 5.4.x prior to 5.4.3, update to version 5.4.3 or later.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2022-02622

CESA-2012_1046

CVE-2012-2336

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

RHSA-2012:1045

RHSA-2012:1046

RHSA-2012:1047

RHSA-2012_1045

RHSA-2012_1046

RHSA-2012_1047

Produtos afetados

Centos

Php

Red Hat

Suse

PT-2012-1223 · Php+3 · Php+3

CVE-2012-2336

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 133