web analytics

Critical PHP Vulnerability Threatens Windows Servers – Source: www.databreachtoday.com

critical-php-vulnerability-threatens-windows-servers-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Governance & Risk Management
,
Patch Management
,
Vulnerability Assessment & Penetration Testing (VA/PT)

Remote Code Execution Exploit Found; Patch Now Available

Prajeet Nair (@prajeetspeaks) •
June 8, 2024    

Critical PHP Vulnerability Threatens Windows Servers
Image: Shutterstock

Server administrators should take immediate action to patch a critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x and posing a widespread threat.

See Also: OnDemand I Remediate the Most Exploitable Vulnerabilities First and Fast

Researchers at DEVCORE discovered the flaw, identified as CVE-2024-4577, during its continuous offensive research. The vulnerability allows unauthenticated attackers to bypass protections related to CVE-2012-1823 by exploiting specific character sequences.

This flaw in the Best-Fit feature of Windows’ encoding conversion enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.

The affected PHP versions are:

  • PHP 8.3 < 8.3.8
  • PHP 8.2 < 8.2.20
  • PHP 8.1 < 8.1.29

Researchers warned that the older branches of PHP, including 8.0, 7 and 5, which are no longer supported, are also affected. DEVCORE advises server administrators to evaluate their systems and immediately implement the recommended patches.

Servers running PHP on Windows in Traditional Chinese (Code Page 950), Simplified Chinese (Code Page 936), and Japanese (Code Page 932) are particularly vulnerable.

The advisory said Windows servers in English, Korean and Western European can be exploited, and administrators should conduct thorough assessments and apply updates.

Researchers illustrated two scenarios of how this vulnerability can be exploited: running PHP under CGI mode or by exposing the PHP binary.

For running PHP under CGI mode: Configurations that map HTTP requests to a PHP-CGI executable binary in the Apache HTTP Server are directly susceptible. This includes setups involving directives such as AddHandler cgi-script .php and SetHandler application/x-httpd-php-cgi.

In such configurations, the vulnerability allows attackers to exploit the PHP-CGI executable directly, potentially leading to arbitrary code execution on the server.

Attackers can manipulate the HTTP requests to inject malicious code into the PHP interpreter, taking advantage of the vulnerability in Windows’ encoding conversion.

In the second scenario, by exposing the PHP binary: Default configurations in XAMPP for Windows, where the PHP executable binary is exposed, are inherently vulnerable. Typical scenarios include copying php.exe or php-cgi.exe to the /cgi-bin/ directory or exposing the PHP directory via the ScriptAlias directive.

In these scenarios, if the PHP executable is accessible and vulnerable, attackers can craft HTTP requests to execute arbitrary code through the PHP interpreter. This method exploits the oversight in Windows’ encoding conversion within PHP, allowing unauthorized code execution on the server.

DEVCORE researchers advise upgrading to the latest PHP versions: 8.3.8, 8.2.20, and 8.1.29 to mitigate this vulnerability. For systems that cannot be upgraded, temporary mitigation measures include implementing specific ‘Rewrite Rules’ to block attack vectors in affected locales.

The XAMPP users should disable the PHP-CGI feature if it is not required. This can be done by commenting out the ScriptAlias line in the httpd-xampp.conf configuration file.

DEVCORE reported the issue to PHP developers on May 7 and PHP developers confirmed the vulnerability and prioritized a fix. They released multiple versions of the fix and updated the final patched versions on June 6.

Original Post url: https://www.databreachtoday.com/critical-php-vulnerability-threatens-windows-servers-a-25460

Category & Tags: –

Views: 15

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

UK HM Government
National Cyber Strategy 2022
National Cyber Strategy 2022
NSA
NSA Network Infrastructure Security Guide
NSA Network Infrastructure Security Guide
NIST
NIST Policy Template Guide
NIST Policy Template Guide
Thecyphere
Malware prevention tips for businesses
Malware prevention tips for businesses
ministry of security
MERGERS AND ACQUISITIONS
MERGERS AND ACQUISITIONS
THE LINUX FUNDATION
Linux Privilege Escalation
Linux Privilege Escalation
Kubernetes
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Kubernetes and Cloud Native Associate...
Australian Government
Management structures and responsibilities
Management structures and responsibilities
Hacker Combat
How are Passwords Cracked ? by Hacker Combat.
How are Passwords Cracked ?...
N/A
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Security Metrics & KPIs for...
Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT...
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security...

More Latest Published Posts

PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy Learning
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation
Accenture
THE NEXT-GENERATION Building a Digital Central Bankfor a Digital Age
THE NEXT-GENERATION Building a Digital Central Bankfor a Digital Age
Thecyphere
Microsoft EntraID (Azure)ConditionalAccess
Microsoft EntraID (Azure)ConditionalAccess
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
Government of South Australian
South Australian Cyber Security Framework
South Australian Cyber Security Framework
NAO -National Audit Office
Audit and Risk Assurance Committee Effectiveness Tool
Audit and Risk Assurance Committee Effectiveness Tool
WWW. D E V S E COP S G U I D E S . CO M
Attacking Docker
Attacking Docker
W W W . D E V S E C O P S G U I D E S . C O M
Attacking AWS – Offensive Security Aproach
Attacking AWS – Offensive Security Aproach
ENISA
Artificial Intelligence and Cybersecurity Research 2023
Artificial Intelligence and Cybersecurity Research 2023
MuleSoft
API Security Best Practices – Protect your APIs with Anypoint Platform
API Security Best Practices – Protect your APIs with Anypoint Platform
Green Circle
All about Security Operations Center
All about Security Operations Center
DAZZ
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
zimperium
2023 Mobile Banking Heists Report
2023 Mobile Banking Heists Report
40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING