Your submission was sent successfully! Close

CVE-2012-2335

Published: 11 May 2012

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Priority

Negligible

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
hardy
Released (5.2.4-2ubuntu5.25)
lucid
Released (5.3.2-1ubuntu4.17)
natty
Released (5.3.5-1ubuntu7.10)
oneiric
Released (5.3.6-13ubuntu3.8)
precise
Released (5.3.10-1ubuntu3.2)
upstream
Released (5.4.3, 5.3.13)