Solved

PHP php-cgi Query String Parameter Parsing Exploit Attempt

Posted on 2014-10-29
1
485 Views
Last Modified: 2014-11-25
I currently have a Web/FTP server that is running Windows 2008R2 standard that is getting monitored for ISP traffic and currently they are seeing

'50744 VID43969 PHP php-cgi Query String Parameter Parsing Exploit Attempt Inbound (CVE-2012-1823)' they are saying that one or more external hosts are attempting to discover whether one of your Internet-facing devices is vulnerable to either the PHP-CGI argument injection (CVE-2012-1823) or the PHP-CGI improper handling of query strings (CVE-2012-2311) vulnerabilities. Successful exploitation of these vulnerabilities may result in information disclosure or remote code execution.
I am not sure what this means and how to protect the system.
0
Comment
Question by:ahmad1467
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40411498
These vulnerabilties are quite old.  Some background, so you can make your own tests:
http://www.cvedetails.com/cve/CVE-2012-1823
http://www.cvedetails.com/cve/CVE-2012-2311

At current levels of PHP there appears to be little risk:
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-125891/PHP-PHP-5.4.2.html
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question