PT-2012-1223 · Php+3 · Php+3

Published

2012-05-11

Updated

2024-06-15

CVE-2012-2336

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.13 PHP versions 5.4.x prior to 5.4.3

Description The issue is related to the handling of query strings that lack an equals sign character in the sapi/cgi/cgi main.c component of PHP, when configured as a CGI script. This allows remote attackers to cause a denial of service by placing command-line options in the query string. The problem arises from an incomplete fix for a previous issue.

Recommendations For PHP versions prior to 5.3.13, update to version 5.3.13 or later. For PHP versions 5.4.x prior to 5.4.3, update to version 5.4.3 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-02622

CESA-2012_1046

CVE-2012-2336

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

RHSA-2012:1045

RHSA-2012:1046

RHSA-2012:1047

RHSA-2012_1045

RHSA-2012_1046

RHSA-2012_1047

Affected Products

Centos

Php

Red Hat

Suse

PT-2012-1223 · Php+3 · Php+3

CVE-2012-2336

Weakness Enumeration

Related Identifiers

Affected Products

References · 133