Solved

PHP php-cgi Query String Parameter Parsing Exploit Attempt

Posted on 2014-10-29
1
413 Views
Last Modified: 2014-11-25
I currently have a Web/FTP server that is running Windows 2008R2 standard that is getting monitored for ISP traffic and currently they are seeing

'50744 VID43969 PHP php-cgi Query String Parameter Parsing Exploit Attempt Inbound (CVE-2012-1823)' they are saying that one or more external hosts are attempting to discover whether one of your Internet-facing devices is vulnerable to either the PHP-CGI argument injection (CVE-2012-1823) or the PHP-CGI improper handling of query strings (CVE-2012-2311) vulnerabilities. Successful exploitation of these vulnerabilities may result in information disclosure or remote code execution.
I am not sure what this means and how to protect the system.
0
Comment
Question by:ahmad1467
1 Comment
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40411498
These vulnerabilties are quite old.  Some background, so you can make your own tests:
http://www.cvedetails.com/cve/CVE-2012-1823
http://www.cvedetails.com/cve/CVE-2012-2311

At current levels of PHP there appears to be little risk:
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-125891/PHP-PHP-5.4.2.html
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now