Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2022-02622

Опубликовано: 11 мая 2012
Источник: fstec
CVSS3: 3.7
CVSS2: 5
EPSS Средний

Описание

Уязвимость компонента sapi/cgi/cgi_main.c интерпретатора языка программирования PHP существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Вендор

Red Hat Inc.
Canonical Ltd.
Novell Inc.
PHP Group

Наименование ПО

Red Hat Enterprise Linux
Ubuntu
OpenSUSE Leap
PHP

Версия ПО

5 (Red Hat Enterprise Linux)
6 (Red Hat Enterprise Linux)
12.04 (Ubuntu)
15.0 (OpenSUSE Leap)
11.10 (Ubuntu)
11.04 (Ubuntu)
10.04 (Ubuntu)
5.4.2 (PHP)
5.4.1 (PHP)
5.4.0 (PHP)
8.04 (Ubuntu)
5.3.6 (PHP)
5.3.5 (PHP)
5.2.10 (PHP)
5.2.13 (PHP)
5.2.4 (PHP)
5.2.3 (PHP)
5.1.1 (PHP)
5.1.6 (PHP)
5.0.0beta3 (PHP)
4.3.10 (PHP)
4.3.6 (PHP)
4.3.7 (PHP)
4.1.2 (PHP)
4.1.1 (PHP)
4.4.9 (PHP)
4.4.1 (PHP)
4.0beta 4 patch1 (PHP)
4.0beta3 (PHP)
3.0.11 (PHP)
3.0.4 (PHP)
3.0.5 (PHP)
5.3.11 (PHP)
5.3.4 (PHP)
5.3.9 (PHP)
5.3.2 (PHP)
5.3.10 (PHP)
5.2.5 (PHP)
5.2.11 (PHP)
5.2.14 (PHP)
5.2.1 (PHP)
5.1.4 (PHP)
5.1.5 (PHP)
5.0.0beta2 (PHP)
5.0.2 (PHP)
5.3.8 (PHP)
5.3.1 (PHP)
5.3.7 (PHP)
4.3.1 (PHP)
4.4.8 (PHP)
4.2.0 (PHP)
4.3.0 (PHP)
4.4.4 (PHP)
4.0beta1 (PHP)
4.0.5 (PHP)
4.0.4 (PHP)
3.0.10 (PHP)
3.0.3 (PHP)
3.0.6 (PHP)
5.2.16 (PHP)
4.3.11 (PHP)
4.3.4 (PHP)
4.2.2 (PHP)
4.4.5 (PHP)
4.0.1 (PHP)
4.0.0 (PHP)
4.0.3 (PHP)
4.0.2 (PHP)
5.3.0 (PHP)
5.2.12 (PHP)
5.2.0 (PHP)
5.2.7 (PHP)
5.2.15 (PHP)
4.3.2 (PHP)
4.2.3 (PHP)
4.4.0 (PHP)
4.0beta2 (PHP)
3.0.13 (PHP)
3.0.15 (PHP)
2.0b10 (PHP)
до 5.3.12 включительно (PHP)
5.3.3 (PHP)
5.2.6 (PHP)
5.2.9 (PHP)
5.0.4 (PHP)
5.0.3 (PHP)
5.0.0rc2 (PHP)
4.3.8 (PHP)
4.3.9 (PHP)
3.0.12 (PHP)
3.0.1 (PHP)
3.0.14 (PHP)
3.0.17 (PHP)
2.0 (PHP)
1.0 (PHP)
5.2.8 (PHP)
5.2.2 (PHP)
5.2.17 (PHP)
5.1.3 (PHP)
5.1.2 (PHP)
5.0.5 (PHP)
5.0.1 (PHP)
5.4.0beta2 (PHP)
5.0.0rc3 (PHP)
4.3.3 (PHP)
3.0 (PHP)
3.0.16 (PHP)
3.0.9 (PHP)

Тип ПО

Операционная система
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 5
Red Hat Inc. Red Hat Enterprise Linux 6
Canonical Ltd. Ubuntu 12.04
Novell Inc. OpenSUSE Leap 15.0
Canonical Ltd. Ubuntu 11.10
Canonical Ltd. Ubuntu 11.04
Canonical Ltd. Ubuntu 10.04
Canonical Ltd. Ubuntu 8.04

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 5)
Низкий уровень опасности (базовая оценка CVSS 3.0 составляет 3,7)

Возможные меры по устранению уязвимости

Использование рекомендаций:
http://www.php.net/archive/2012.php#id2012-05-08-1
https://bugs.php.net/bug.php?id=61910
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2012-2336
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2336.xml
Для Ubuntu:
https://ubuntu.com/security/CVE-2012-2336

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 93%
0.10185
Средний

3.7 Low

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-2336

ubuntu
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

redhat логотип

CVE-2012-2336

redhat
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

nvd логотип

CVE-2012-2336

nvd
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

debian логотип

CVE-2012-2336

debian
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...

github логотип

GHSA-gjrg-p28q-p9w2

github
около 3 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

EPSS

Процентиль: 93%
0.10185
Средний

3.7 Low

CVSS3

5 Medium

CVSS2