CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
References
Link Resource
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List Release Notes
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit Press/Media Coverage Third Party Advisory
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html Third Party Advisory
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately Third Party Advisory
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ Exploit Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577 Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link
https://github.com/rapid7/metasploit-framework/pull/19247 Exploit Issue Tracking
https://github.com/watchtowrlabs/CVE-2024-4577 Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE Exploit Third Party Advisory
https://isc.sans.edu/diary/30994 Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0008/ Third Party Advisory
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29 Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20 Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8 Release Notes
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List Release Notes
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit Press/Media Coverage Third Party Advisory
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html Third Party Advisory
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately Third Party Advisory
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ Exploit Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577 Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link
https://github.com/rapid7/metasploit-framework/pull/19247 Exploit Issue Tracking
https://github.com/watchtowrlabs/CVE-2024-4577 Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE Exploit Third Party Advisory
https://isc.sans.edu/diary/30994 Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0008/ Third Party Advisory
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29 Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20 Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8 Release Notes
https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577
https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

History

21 Nov 2024, 09:43

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 -
  • () https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 -
References () http://www.openwall.com/lists/oss-security/2024/06/07/1 - Mailing List, Release Notes () http://www.openwall.com/lists/oss-security/2024/06/07/1 - Mailing List, Release Notes
References () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Press/Media Coverage, Third Party Advisory () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Press/Media Coverage, Third Party Advisory
References () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - Third Party Advisory () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - Third Party Advisory
References () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - Third Party Advisory () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - Third Party Advisory
References () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - Exploit, Third Party Advisory () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - Exploit, Third Party Advisory
References () https://github.com/11whoami99/CVE-2024-4577 - Exploit () https://github.com/11whoami99/CVE-2024-4577 - Exploit
References () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - Broken Link () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - Broken Link
References () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit, Issue Tracking () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit, Issue Tracking
References () https://github.com/watchtowrlabs/CVE-2024-4577 - Exploit, Third Party Advisory () https://github.com/watchtowrlabs/CVE-2024-4577 - Exploit, Third Party Advisory
References () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - Exploit, Third Party Advisory () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - Exploit, Third Party Advisory
References () https://isc.sans.edu/diary/30994 - Exploit, Third Party Advisory () https://isc.sans.edu/diary/30994 - Exploit, Third Party Advisory
References () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - Exploit, Third Party Advisory () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - Exploit, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0008/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240621-0008/ - Third Party Advisory
References () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - Third Party Advisory () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - Third Party Advisory
References () https://www.php.net/ChangeLog-8.php#8.1.29 - Release Notes () https://www.php.net/ChangeLog-8.php#8.1.29 - Release Notes
References () https://www.php.net/ChangeLog-8.php#8.2.20 - Release Notes () https://www.php.net/ChangeLog-8.php#8.2.20 - Release Notes
References () https://www.php.net/ChangeLog-8.php#8.3.8 - Release Notes () https://www.php.net/ChangeLog-8.php#8.3.8 - Release Notes

14 Aug 2024, 19:23

Type Values Removed Values Added
References () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Third Party Advisory () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Press/Media Coverage, Third Party Advisory
References () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit, Issue Tracking
References () https://security.netapp.com/advisory/ntap-20240621-0008/ - () https://security.netapp.com/advisory/ntap-20240621-0008/ - Third Party Advisory

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0008/ -

21 Jun 2024, 11:20

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
First Time Fedoraproject fedora
Fedoraproject
References () http://www.openwall.com/lists/oss-security/2024/06/07/1 - () http://www.openwall.com/lists/oss-security/2024/06/07/1 - Mailing List, Release Notes
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - Mailing List, Third Party Advisory

13 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ -

12 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary (es) En las versiones de PHPPHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc. (es) En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc.
References
  • () http://www.openwall.com/lists/oss-security/2024/06/07/1 -

10 Jun 2024, 12:50

Type Values Removed Values Added
References () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Third Party Advisory
References () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - Third Party Advisory
References () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - Third Party Advisory
References () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - Exploit, Third Party Advisory
References () https://github.com/11whoami99/CVE-2024-4577 - () https://github.com/11whoami99/CVE-2024-4577 - Exploit
References () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - Broken Link
References () https://github.com/rapid7/metasploit-framework/pull/19247 - () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit
References () https://github.com/watchtowrlabs/CVE-2024-4577 - () https://github.com/watchtowrlabs/CVE-2024-4577 - Exploit, Third Party Advisory
References () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - Exploit, Third Party Advisory
References () https://isc.sans.edu/diary/30994 - () https://isc.sans.edu/diary/30994 - Exploit, Third Party Advisory
References () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - Exploit, Third Party Advisory
References () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - Third Party Advisory
References () https://www.php.net/ChangeLog-8.php#8.1.29 - () https://www.php.net/ChangeLog-8.php#8.1.29 - Release Notes
References () https://www.php.net/ChangeLog-8.php#8.2.20 - () https://www.php.net/ChangeLog-8.php#8.2.20 - Release Notes
References () https://www.php.net/ChangeLog-8.php#8.3.8 - () https://www.php.net/ChangeLog-8.php#8.3.8 - Release Notes
First Time Php
Php php
CPE cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

10 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately -
  • () https://isc.sans.edu/diary/30994 -
Summary
  • (es) En las versiones de PHPPHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc.

10 Jun 2024, 03:15

Type Values Removed Values Added
References
  • () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ -
  • () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html -
  • () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ -
  • () https://github.com/11whoami99/CVE-2024-4577 -
  • () https://github.com/rapid7/metasploit-framework/pull/19247 -
  • () https://github.com/watchtowrlabs/CVE-2024-4577 -
  • () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE -
  • () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ -
  • () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ -
  • () https://www.php.net/ChangeLog-8.php#8.1.29 -
  • () https://www.php.net/ChangeLog-8.php#8.2.20 -
  • () https://www.php.net/ChangeLog-8.php#8.3.8 -

09 Jun 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-09 20:15

Updated : 2024-11-21 09:43


NVD link : CVE-2024-4577

Mitre link : CVE-2024-4577

CVE.ORG link : CVE-2024-4577


JSON object : View

Products Affected

php

  • php

fedoraproject

  • fedora
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')