Skip to content

Commit

Permalink
20240712003 (#870)
Browse files Browse the repository at this point in the history 
* 20240712003

* Format markdown docs

---------

Co-authored-by: DGOV-Bryce <DGOV-Bryce@users.noreply.github.com>
Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
  • Loading branch information
@DGOV-Bryce @DGovEnterprise
3 people authored Jul 12, 2024
1 parent a60e01f commit 651a5e6
Showing 1 changed file with 26 additions and 0 deletions.
26 changes: 26 additions & 0 deletions docs/advisories/20240712003-PHP-Vuln-Active-Exploitation.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# PHP Vulnerability Active Exploitation - 20240712003

## Overview

The WA SOC has been made aware of a vulnerability in versions of PHP that when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behaviour to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

## What is vulnerable?

| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
| ------------------- | ----------------------------------------- | --------------------------------------------------------------- | ---- | -------- |
| PHP | Versions **before** 8.1.29, 8.2.20, 8.3.8 | [CVE-2024-4577](https://nvd.nist.gov/vuln/detail/CVE-2024-4577) | 9.8 | Critical |

## What has been observed?

Since the Publication of Advisory #20240610001, the WA SOC has been made aware of active exploitation of the vulnerability. The WA SOC strongly advises administrators to apply patches to all affected systems, and also to monitor for any unexpected or suspicious behaviour.

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):

- [PHP](https://www.php.net/)

## Additional References

- WA SOC: https://soc.cyber.wa.gov.au/advisories/20240610001-PoC-PHP-vulnerability
- The Hacker News: https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html

0 comments on commit 651a5e6

Please sign in to comment.