Check Point Advisories

PHP Command Injection (CVE-2012-1823; CVE-2012-2311; CVE-2012-2335; CVE-2012-2336; CVE-2013-4878)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-233
Date Published:	14 May 2012
Severity:	High
Last Updated:	Thursday 30 November, 2023
Source:
Industry Reference:	CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2013-4878
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?	PHP 5.3.11 and prior PHP PHP 5.0.0 PHP PHP 5.0.0 Beta1 PHP PHP 5.0.0 Beta2 PHP PHP 5.0.0 Beta3 PHP PHP 5.0.0 Beta4 PHP PHP 5.0.0 RC1 PHP PHP 5.0.0 RC2 PHP PHP 5.0.0 RC3 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP 5.2.0 PHP 5.2.1 PHP 5.2.2 PHP 5.2.3 PHP 5.2.4 PHP 5.2.5 PHP 5.2.6 PHP 5.2.7 PHP 5.2.8 PHP 5.2.9 PHP 5.2.10 PHP 5.2.11 PHP 5.2.12 PHP 5.2.13 PHP 5.2.14 PHP 5.2.15 PHP 5.2.16 PHP 5.2.17 PHP 5.3.0 PHP 5.3.1 PHP 5.3.2 PHP 5.3.3 PHP 5.3.4 PHP 5.3.5 PHP 5.3.6 PHP 5.3.7 PHP 5.3.8 PHP 5.3.9 PHP 5.3.10
Vulnerability Description	A command injection vulnerability exists in PHP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.

Protection Overview

The protection will detect and block specially crafted HTTP requests.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

In the IPS tab, click Protections and find the PHP Command Injection protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: PHP Command Injection