There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years...

read more: http://www.php.net/archive/2012.php#id2012-05-03-1

LastMitch

@cereal

Vulnerability in PHP CGI

I actually never tried this mod before:

     RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
     RewriteRule ^(.*) $1? [L]

Does it work?

Does it solve the vulnerability in PHP CGI?

Not completely, they posted an update a few days later: http://www.php.net/archive/2012.php#id2012-05-06-1

The rewrite rule to test is this:

     RewriteCond %{QUERY_STRING} ^[^=]*$
     RewriteCond %{QUERY_STRING} %2d|\- [NC]
     RewriteRule .? - [F,L]

basically try something like this:

If you don't get the source of the page then it's reasonably safe. But it is always better to upgrade at least to 5.3.13 or 5.4.3 as suggested by the PHP.net advisory. You can find more information and a few patch suggestions here:

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Or search for CVE-2012-2311 on Google. Anyway, remember this is related only to mod_cgi.

commented: Thanks for Sharing! +0
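The coverage of the two rule sets quoted in this thread can be compared offline; the following is an added example, not code from any of the posts. It assumes Python's `re` behaves like mod_rewrite's regex engine for these patterns; the function names and the query strings are constructed for illustration.

```python
import re

# First rule set from the thread: fires only when the raw query string
# *starts* with "-" or "%2d" and contains no "=".
OLD_COND = re.compile(r"^(%2d|-)[^=]+$", re.IGNORECASE)    # [NC]

# Updated rule set: consecutive RewriteCond lines are ANDed by default.
NEW_COND_NO_EQUALS = re.compile(r"^[^=]*$")
NEW_COND_HAS_DASH = re.compile(r"%2d|\-", re.IGNORECASE)   # [NC]


def old_rule_matches(query: str) -> bool:
    """True when the first rule would fire (query string is stripped)."""
    return OLD_COND.search(query) is not None


def new_rule_matches(query: str) -> bool:
    """True when the updated rule would fire (request gets 403 via [F])."""
    return (NEW_COND_NO_EQUALS.search(query) is not None
            and NEW_COND_HAS_DASH.search(query) is not None)


# Constructed raw query strings; mod_rewrite sees QUERY_STRING undecoded,
# so "%2D" has to be matched literally.
SAMPLES = [
    "page=2",          # ordinary key=value query
    "id=1-2",          # dash present, but so is "="
    "-placeholder",    # leading dash, no "="
    "%2Dplaceholder",  # encoded leading dash, upper-case hex
    "my-keyword",      # keyword-style query, dash not at the start
]


def coverage(samples=SAMPLES):
    """Map each query to (old rule fires, updated rule fires)."""
    return {q: (old_rule_matches(q), new_rule_matches(q)) for q in samples}


if __name__ == "__main__":
    for q, (old, new) in coverage().items():
        print(f"{q!r:18} old={old!s:5} new={new}")
```

The last sample shows the trade-off of the updated rule: any query string without `=` that contains a dash is refused, including legitimate keyword-style URLs, so check your application's URL scheme before deploying it.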
LastMitch

@cereal

Or search for CVE-2012-2311 on Google. Anyway, remember this is related only to mod_cgi.

OK, I get it now. Thanks for the link. I got a better understanding of what the issue is.