Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-2335

Опубликовано: 03 мая 2012
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Отчет

The mitigation for CVE-2012-2335 is included in the following PHP updates for Red Hat Enterprise Linux 5 and 6, which also address CVE-2012-2336 (BZ#820708): https://rhn.redhat.com/errata/RHSA-2012-1045.html https://rhn.redhat.com/errata/RHSA-2012-1046.html https://rhn.redhat.com/errata/RHSA-2012-1047.html

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Application Stack v2 for Enterprise LinuxphpWill not fix
Red Hat Enterprise Linux 3phpNot affected
Red Hat Enterprise Linux 4phpNot affected
Red Hat Enterprise Linux 5phpAffected
Red Hat Enterprise Linux 5php53Affected
Red Hat Enterprise Linux 6phpAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=820874php: incomplete CVE-2012-1823 fix - insecure wrapper

EPSS

Процентиль: 92%
0.08481
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-2335

ubuntu
больше 13 лет назад

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

nvd логотип

CVE-2012-2335

nvd
больше 13 лет назад

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

github логотип

GHSA-ppq5-vhcq-mxw2

github
больше 3 лет назад

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

EPSS

Процентиль: 92%
0.08481
Низкий

5.1 Medium

CVSS2