Fluid Attacks Database

Description

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel5	php
rpm rhel6	php
rpm rhel5	php53

Aliases

1. CVE-2012-23352. NVD-2012-23353. OSV-2012-2335

References

1. https://vulncheck.com/cve/CVE-2012-2335

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.