1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: PHP CGI CVE-2012-1823

Attack: PHP CGI CVE-2012-1823

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature dectects attempts to exploit a vulnerability in PHP CGI which could result to remote code execution

Additional Information

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

Direct access to the CGI binary can be prevented by using the configuration option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect'.

A vulnerability exists in PHP when configured as a CGI script that renders these options useless. This is because it fails to properly handle query strings that lack an equals sign character. This allows remote attackers to directly access the CGI binary and to read any file that is readable by the web server user, or to potentially execute arbitrary PHP code.

Affected

  • PHP before 5.3.12 and 5.4.x before 5.4.2

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube