Red Hat Customer Portal

Skip to main content

CVE-2012-2311

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Details Source

Mitre

Statement

Not vulnerable. Red Hat did not release PHP package updates addressing CVE-2012-1823 that introduce the CVE-2012-2311 issue. Therefore, this CVE does not affect any Red Hat products.

Public Date

2012-05-03 00:00:00

Impact

Critical

Bugzilla

CVE-2012-2311 php: incomplete CVE-2012-1823 fix - incorrect check for =

Bugzilla ID

818 907

CVSS Status

draft

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 php Not affected
Red Hat Enterprise Linux 5 php53 Not affected
Red Hat Enterprise Linux 5 php Not affected
Red Hat Enterprise Linux 4 php Not affected
Red Hat Enterprise Linux 3 php Not affected
Red Hat Application Stack v2 for Enterprise Linux (v.5) php Not affected