CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
References
Link Resource
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Broken Link Exploit
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 Broken Link
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=134012830914727&w=2 Mailing List
http://rhn.redhat.com/errata/RHSA-2012-0546.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0547.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0568.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0569.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0570.html Third Party Advisory
http://secunia.com/advisories/49014 Broken Link
http://secunia.com/advisories/49065 Broken Link
http://secunia.com/advisories/49085 Broken Link
http://secunia.com/advisories/49087 Broken Link
http://support.apple.com/kb/HT5501 Third Party Advisory
http://www.debian.org/security/2012/dsa-2465 Third Party Advisory
http://www.kb.cert.org/vuls/id/520827 Exploit Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/673343 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068 Broken Link
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List
http://www.php.net/archive/2012.php#id2012-05-03-1 Release Notes
http://www.php.net/ChangeLog-5.php#5.4.2 Exploit Patch Release Notes
http://www.securitytracker.com/id?1027022 Broken Link Third Party Advisory VDB Entry
https://bugs.php.net/bug.php?id=61910 Exploit Patch
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1 Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List Release Notes
Configurations

Configuration 1

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*

Configuration 6

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 7

OR cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*

History

06 Jan 2025, 19:21

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-77

16 Jul 2024, 17:48

Type Values Removed Values Added
CVSS (v2 : 7.5, v3 : unknown) (v2 : 7.5, v3 : 9.8)
CWE CWE-20 NVD-CWE-noinfo
First Time Suse linux Enterprise Server
Apple
Redhat storage For Public Cloud
Fedoraproject fedora
Redhat storage
Opensuse
Debian debian Linux
Redhat enterprise Linux Server
Suse
Hp
Redhat
Redhat enterprise Linux Desktop
Fedoraproject
Opensuse opensuse
Debian
Hp hp-ux
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Workstation
Apple mac Os X
Redhat enterprise Linux Eus
Redhat application Stack
Redhat gluster Storage Server For On-premise
Suse linux Enterprise Software Development Kit

13 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ -

12 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/06/07/1 -

Information

Published : 2012-05-11 10:15

Updated : 2025-02-19 19:45


NVD link : CVE-2012-1823

Mitre link : CVE-2012-1823


Products Affected

php

  • php

debian

  • debian_linux

redhat

  • enterprise_linux_server
  • application_stack
  • storage
  • enterprise_linux_desktop
  • gluster_storage_server_for_on-premise
  • enterprise_linux_eus
  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • storage_for_public_cloud

fedoraproject

  • fedora

hp

  • hp-ux

suse

  • linux_enterprise_server
  • linux_enterprise_software_development_kit

apple

  • mac_os_x

opensuse

  • opensuse
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')