Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:PHP:PHP-CGI-CMD-LINE-RCE |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
PHP 'php-cgi' Command Line Attribute Remote Code Execution |
Release Date |
2012/05/08 |
Update Number |
2132 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: PHP 'php-cgi' Command Line Attribute Remote Code Execution
This signature detects attempts to exploit a known flaw in the PHP Common Gateway Interface (PHP-CGI). A successful attack could result in arbitrary code execution with the permissions of the web server process. This issue is currently being actively exploited in the wild by malicious users. Patches are available.
Extended Description
PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
Affected Products
- Avaya aura_application_enablement_services 5.2
- Avaya aura_application_enablement_services 5.2.1
- Avaya aura_application_enablement_services 5.2.2
- Avaya aura_application_enablement_services 5.2.3
- Avaya aura_application_enablement_services 6.1
- Avaya aura_application_enablement_services 6.1.1
- Avaya aura_communication_manager 6.0
- Avaya aura_communication_manager 6.0.1
- Avaya aura_communication_manager_utility_services 6.0
- Avaya aura_communication_manager_utility_services 6.1
- Avaya aura_communication_manager_utility_services 6.2
- Avaya aura_messaging 6.0
- Avaya aura_messaging 6.0.1
- Avaya aura_messaging 6.1
- Avaya aura_session_manager 5.2
- Avaya aura_session_manager 5.2 SP1
- Avaya aura_session_manager 5.2 SP2
- Avaya ip_office_application_server 6.0
- Avaya ip_office_application_server 6.1
- Avaya ip_office_application_server 7.0
- Avaya ip_office_application_server 8.0
- Avaya ip_office_application_server 8.1
- Avaya voice_portal 5.0
- Avaya voice_portal 5.0 SP1
- Avaya voice_portal 5.0 SP2
- Avaya voice_portal 5.1
- Avaya voice_portal 5.1
- Avaya voice_portal 5.1.1
- Avaya voice_portal 5.1.2
- Avaya voice_portal 5.1 SP1
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 ia-32
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 powerpc
- Debian linux 6.0 s/390
- Debian linux 6.0 sparc
- Hp hp-ux B.11.23
- Hp hp-ux B.11.31
- Hp system_management_homepage 6.0
- Hp system_management_homepage 6.1
- Hp system_management_homepage 6.2
- Hp system_management_homepage 6.3
- Hp system_management_homepage 7.0
- Hp system_management_homepage 7.1
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2011
- Mandriva linux_mandrake 2011 x86_64
- Oracle enterprise_linux 5
- Oracle enterprise_linux 6
- Oracle enterprise_linux 6.2
- Php php 5.3.1
- Php php 5.3.10
- Php php 5.3.12
- Php php 5.3.2
- Php php 5.3.3
- Php php 5.3.4
- Php php 5.3.5
- Php php 5.3.6
- Php php 5.3.7
- Php php 5.3.8
- Php php 5.3.9
- Php php 5.4.0
- Php php 5.4.1
- Php php 5.4.2
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_eus 5.6.z server
- Red_hat enterprise_linux_hpc_node 6
- Red_hat enterprise_linux_hpc_node_optional 6
- Red_hat enterprise_linux_long_life 5.3 Server
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_server_eus 6.0
- Red_hat enterprise_linux_server_eus 6.1.z
- Red_hat enterprise_linux_server_optional 6
- Red_hat enterprise_linux_server_optional_eus 6.0
- Red_hat enterprise_linux_server_optional_eus 6.1
- Red_hat enterprise_linux_workstation 6
- Red_hat enterprise_linux_workstation_optional 6
- Red_hat fedora 15
- Red_hat fedora 16
- Red_hat fedora 17
- Suse opensuse 11.4
- Suse opensuse 12.1
- Suse suse_linux_enterprise_sdk 10 SP4
- Suse suse_linux_enterprise_sdk 11 SP1
- Suse suse_linux_enterprise_sdk 11 SP2
- Suse suse_linux_enterprise_server 10 SP4
- Suse suse_linux_enterprise_server 11 SP1
- Suse suse_linux_enterprise_server 11 SP2
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Suse suse_linux_enterprise_server_for_vmware 11 SP2
- Turbolinux 11_server x64
- Turbolinux 11_server
- Turbolinux appliance_server 3.0
- Turbolinux appliance_server 3.0 X64
- Turbolinux client 2008
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 12.04 LTS amd64
- Ubuntu ubuntu_linux 12.04 LTS i386
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
References
- BugTraq: 53388
- CVE: CVE-2012-1823
- CVE: CVE-2012-2311
- URL: http://www.php.net/archive/2012.php#id2012-05-03-1
- URL: http://www.kb.cert.org/vuls/id/520827
- URL: http://kb.parallels.com/en/116241
- URL: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- URL: http://www.php.net/archive/2012.php#id2012-05-08-1