← Voltar para CVEs
CVE-2024-4577
CRITICALCISA KEV9.8
Descricao
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/9/2024
Ultima modificacao11/3/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorPHP Group
ProdutoPHP
Nome da vulnerabilidadePHP-CGI OS Command Injection Vulnerability
Data inclusao KEV2024-06-12
Prazo de remediacao2024-07-03
Uso em ransomwareKnown
Produtos afetados
fedoraproject:fedoramicrosoft:windowsphp:php
Fraquezas (CWE)
CWE-78CWE-78
Referencias
http://www.openwall.com/lists/oss-security/2024/06/07/1(security@php.net)
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/(security@php.net)
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html(security@php.net)
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/(security@php.net)
https://github.com/11whoami99/CVE-2024-4577(security@php.net)
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv(security@php.net)
https://github.com/rapid7/metasploit-framework/pull/19247(security@php.net)
https://github.com/watchtowrlabs/CVE-2024-4577(security@php.net)
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE(security@php.net)
https://isc.sans.edu/diary/30994(security@php.net)
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/(security@php.net)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/(security@php.net)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/(security@php.net)
https://security.netapp.com/advisory/ntap-20240621-0008/(security@php.net)
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/(security@php.net)
https://www.php.net/ChangeLog-8.php#8.1.29(security@php.net)
https://www.php.net/ChangeLog-8.php#8.2.20(security@php.net)
https://www.php.net/ChangeLog-8.php#8.3.8(security@php.net)
http://www.openwall.com/lists/oss-security/2024/06/07/1(af854a3a-2127-422b-91ae-364da2661108)
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/(af854a3a-2127-422b-91ae-364da2661108)
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html(af854a3a-2127-422b-91ae-364da2661108)
https://blog.talosintelligence.com/new-persistent-attacks-japan/(af854a3a-2127-422b-91ae-364da2661108)
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately(af854a3a-2127-422b-91ae-364da2661108)
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/11whoami99/CVE-2024-4577(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rapid7/metasploit-framework/pull/19247(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/watchtowrlabs/CVE-2024-4577(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE(af854a3a-2127-422b-91ae-364da2661108)
https://isc.sans.edu/diary/30994(af854a3a-2127-422b-91ae-364da2661108)
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240621-0008/(af854a3a-2127-422b-91ae-364da2661108)
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/(af854a3a-2127-422b-91ae-364da2661108)
https://www.php.net/ChangeLog-8.php#8.1.29(af854a3a-2127-422b-91ae-364da2661108)
https://www.php.net/ChangeLog-8.php#8.2.20(af854a3a-2127-422b-91ae-364da2661108)
https://www.php.net/ChangeLog-8.php#8.3.8(af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577(af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.