CVE-2012-2336

MEDIUM severity · CVSS 5 · Improper input validation

5CVSS MEDIUM

Summary

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)47%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://secunia.com/advisories/49014Advisory
http://www.php.net/archive/2012.php#id2012-05-08-1Advisory
https://bugs.php.net/bug.php?id=61910Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://www.php.net/ChangeLog-5.php#5.4.3
https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862