
@cereal

Vulnerability in PHP CGI

I've actually never tried this mod before:

     RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
     RewriteRule ^(.*) $1? [L]

Does it work?

Does it solve the vulnerability in PHP CGI?

1

Not completely, they posted an update a few days later: http://www.php.net/archive/2012.php#id2012-05-06-1

The rewrite rule to test is this:

     RewriteCond %{QUERY_STRING} ^[^=]*$
     RewriteCond %{QUERY_STRING} %2d|\- [NC]
     RewriteRule .? - [F,L]

basically try something like this:

If you don't get the source of the page then it's reasonably safe. But it is always better to upgrade to at least 5.3.13 or 5.4.3, as suggested by the PHP.net advisory. You can find more information and a few patch suggestions here:

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Or search for CVE-2012-2311 on Google. Anyway, remember this is related only to mod_cgi.

Edited by cereal

Votes + Comments
Thanks for Sharing!
1
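An added example, not part of the original posts: a Python model of the two rewrite rules quoted in this thread, run over constructed query strings to show which requests each rule acts on. It assumes Python's `re` matches these patterns the same way Apache's PCRE does; the option letter `x` and every sample string are placeholders.

```python
import re

# Rule from the first post: a single RewriteCond; on match the query string is stripped.
OLD_RULE = [(r"^(%2d|-)[^=]+$", re.I)]          # [NC] -> case-insensitive

# Updated rule from the reply: RewriteCond lines are ANDed; on match -> 403 ([F]).
NEW_RULE = [(r"^[^=]*$", 0), (r"%2d|\-", re.I)]

def rule_fires(conds, query_string):
    """True when every RewriteCond matches the raw query string.

    %{QUERY_STRING} is not URL-decoded by mod_rewrite, which is why the
    patterns have to spell out the encoded dash (%2d) themselves.
    """
    return all(re.search(pat, query_string, flags) for pat, flags in conds)

# Constructed samples (not taken from the thread).
SAMPLES = [
    "-x",             # dash in first position
    "%2Dx",           # encoded dash, upper-case hex digit
    "pad+-x",         # dash present but not in first position
    "about-us",       # legitimate keyword-style query string without '='
    "page=about-us",  # ordinary key=value request
    "",               # no query string at all
]

def compare(samples=SAMPLES):
    """Map each query string to (old rule fires, new rule fires)."""
    return {qs: (rule_fires(OLD_RULE, qs), rule_fires(NEW_RULE, qs))
            for qs in samples}

def only_new_rule(samples=SAMPLES):
    """Query strings the updated rule acts on but the first rule lets through."""
    return [qs for qs, (old, new) in compare(samples).items() if new and not old]

if __name__ == "__main__":
    for qs, (old, new) in compare().items():
        print(f"{qs!r:18} old={old!s:5} new={new}")
    print("covered only by the updated rule:", only_new_rule())
```

The updated rule also returns 403 for harmless `=`-less query strings that contain a dash (`about-us` here), so check whether the site relies on such URLs before deploying it.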

@cereal

Or search for CVE-2012-2311 on Google. Anyway, remember this is related only to mod_cgi.

OK, I get it now. Thanks for the link. I got a better understanding of what the issue is.
