NVD

Id
44148  
Name
CVE-2012-2335  
Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-05-11  
Modified Date
2013-07-23  
Seq
2012-2335  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
221775 44148 CVE-2012-2335 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/  View
221776 44148 CVE-2012-2335 http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569  View
221777 44148 CVE-2012-2335 SUSE-SU-2012:0840  View
221778 44148 CVE-2012-2335 VU#520827  View
221779 44148 CVE-2012-2335 http://www.php.net/archive/2012.php#id2012-05-06-1  View
221780 44148 CVE-2012-2335 php-phpwrapperfcgi-code-exec(75652)  View
221781 44148 CVE-2012-2335 https://bugs.php.net/bug.php?id=61910  View
221782 44148 CVE-2012-2335 SSRT100992  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26687 JVNDB-2012-002394 PHP の php-wrapper.fcgi における保護メカニズムを回避される脆弱性 PHP の php-wrapper.fcgi は、コマンドラインの引数を適切に処理しないため、保護メカニズムを回避される、または任意のコードを実行される脆弱性が存在します。 CVE-2012-2335 55573 CVE-2012-2335 44148 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002394.html 2012-05-11 2012-07-26 View