Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-2336

Опубликовано: 03 мая 2012
Источник: redhat
CVSS2: 7.5
EPSS Средний

Описание

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3phpNot affected
Red Hat Enterprise Linux 4phpNot affected
Red Hat Enterprise Linux 5phpFixedRHSA-2012:104527.06.2012
Red Hat Enterprise Linux 5php53FixedRHSA-2012:104727.06.2012
Red Hat Enterprise Linux 6phpFixedRHSA-2012:104627.06.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-228->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=820708php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

EPSS

Процентиль: 93%
0.10185
Средний

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-2336

ubuntu
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

nvd логотип

CVE-2012-2336

nvd
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

debian логотип

CVE-2012-2336

debian
около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...

github логотип

GHSA-gjrg-p28q-p9w2

github
около 3 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

fstec логотип

BDU:2022-02622

CVSS3: 3.7
fstec
около 13 лет назад

Уязвимость компонента sapi/cgi/cgi_main.c интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.10185
Средний

7.5 High

CVSS2

Уязвимость CVE-2012-2336