CVE-2012-1823
Published: 11 May 2012
Summary
CVE-2012-1823 is a critical-severity Command Injection (CWE-77) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability affects sapi/cgi/cgi_main.c in PHP versions before 5.3.12 and 5.4.x before 5.4.2 when the interpreter is configured to run as a CGI script (php-cgi). It stems from improper handling of query strings that lack an equals sign character and a failure to skip php_getopt processing in the 'd' case, which is tracked under CWE-77 and carries a CVSS 3.1 score of 9.8.
Remote attackers can exploit the flaw over the network without authentication by supplying command-line options directly in the query string, enabling them to execute arbitrary code on the affected server.
Vendor advisories referenced for this issue, including those from Apple, HP, and OpenSUSE, address mitigation through updates that resolve the CGI query-string handling defect.
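As an added example (not part of the original advisory or of PHP's code), the following defensive check scans web access logs for the request shape described above: a query string with no unencoded `=` in which a word begins with `-`. It assumes Apache combined log format and the RFC 3875 section 4.4 rule that such queries are split on `+` and percent-decoded into command-line words; the log lines, addresses and the `example_setting` name are constructed.

```python
import re
from urllib.parse import unquote

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def is_option_style_query(query: str) -> bool:
    """True when a CGI query would be read as command-line words
    (no unencoded '=') and one of those words starts with '-'."""
    if not query or "=" in query:
        return False  # name=value form is not passed as arguments
    # RFC 3875 section 4.4: words are '+'-separated, then percent-decoded.
    words = [unquote(w) for w in query.split("+")]
    return any(w.startswith("-") for w in words)

def flag_requests(log_lines):
    """Return (client, target) pairs whose query matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        _, _, query = target.partition("?")
        if is_option_style_query(query):
            hits.append((client, target))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/May/2012:10:00:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/May/2012:10:00:02 +0000] "GET /search.php?hello+world HTTP/1.1" 200 734',
    '203.0.113.9 - - [11/May/2012:10:01:10 +0000] "GET /index.php?-d+example_setting%3D1 HTTP/1.1" 200 90',
    '203.0.113.9 - - [11/May/2012:10:01:11 +0000] "GET /index.php?%2Dd+example_setting%3D1 HTTP/1.1" 200 90',
    '192.0.2.4 - - [11/May/2012:10:02:00 +0000] "GET /page.php?sort=-date HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"review: {client} requested {target}")
```

A match is a lead for review, not proof of compromise; whether the request reached a php-cgi binary older than 5.3.12 or 5.4.2 still has to be confirmed on the host.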
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-1833
Vulnerability details
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
- CWE(s)
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of CGI query-string inputs to block command-line option injection via malformed strings lacking '='.
Mandates prompt application of vendor patches that correct the php_getopt handling defect in sapi/cgi/cgi_main.c.
Restricts use of php-cgi binary and disables unnecessary CGI interfaces that enable the query-string code-execution path.