NVD Vulnerability Detail

CVE-2024-4577

Summary	In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Publication Date	June 10, 2024, 5:15 a.m.
Registration Date	June 10, 2024, 10 a.m.
Last Update	Nov. 21, 2024, 6:43 p.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php::::::::	5.0.0			8.1.29
cpe:2.3:a:php:php::::::::	8.2.0			8.2.20
cpe:2.3:a:php:php::::::::	8.3.0			8.3.8

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:39:::::::*
cpe:2.3:o:fedoraproject:fedora:40:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2024/06/07/1	Mailing List Release Notes
2	http://www.openwall.com/lists/oss-security/2024/06/07/1	Mailing List Release Notes
3	https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/	Exploit Press/Media Coverage Third Party Advisory
4	https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/	Exploit Press/Media Coverage Third Party Advisory
5	https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html	Third Party Advisory
6	https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html	Third Party Advisory
7	https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately	Third Party Advisory
8	https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately	Third Party Advisory
9	https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/	Exploit Third Party Advisory
10	https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/	Exploit Third Party Advisory
11	https://github.com/11whoami99/CVE-2024-4577	Exploit
12	https://github.com/11whoami99/CVE-2024-4577	Exploit
13	https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv	Broken Link
14	https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv	Broken Link
15	https://github.com/rapid7/metasploit-framework/pull/19247	Exploit Issue Tracking
16	https://github.com/rapid7/metasploit-framework/pull/19247	Exploit Issue Tracking
17	https://github.com/watchtowrlabs/CVE-2024-4577	Exploit Third Party Advisory
18	https://github.com/watchtowrlabs/CVE-2024-4577	Exploit Third Party Advisory
19	https://github.com/xcanwin/CVE-2024-4577-PHP-RCE	Exploit Third Party Advisory
20	https://github.com/xcanwin/CVE-2024-4577-PHP-RCE	Exploit Third Party Advisory
21	https://isc.sans.edu/diary/30994	Exploit Third Party Advisory
22	https://isc.sans.edu/diary/30994	Exploit Third Party Advisory
23	https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/	Exploit Third Party Advisory
24	https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/	Exploit Third Party Advisory
25	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/	Mailing List Third Party Advisory
26	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/	Mailing List Third Party Advisory
27	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/	Mailing List Third Party Advisory
28	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/	Mailing List Third Party Advisory
29	https://security.netapp.com/advisory/ntap-20240621-0008/	Third Party Advisory
30	https://security.netapp.com/advisory/ntap-20240621-0008/	Third Party Advisory
31	https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/	Third Party Advisory
32	https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/	Third Party Advisory
33	https://www.php.net/ChangeLog-8.php#8.1.29	Release Notes
34	https://www.php.net/ChangeLog-8.php#8.1.29	Release Notes
35	https://www.php.net/ChangeLog-8.php#8.2.20	Release Notes
36	https://www.php.net/ChangeLog-8.php#8.2.20	Release Notes
37	https://www.php.net/ChangeLog-8.php#8.3.8	Release Notes
38	https://www.php.net/ChangeLog-8.php#8.3.8	Release Notes
39	https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577
40	https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html

JVN Vulnerability Information

The PHP Group の PHP における OS コマンドインジェクションの脆弱性

Title	The PHP Group の PHP における OS コマンドインジェクションの脆弱性
Summary	The PHP Group の PHP には、OS コマンドインジェクションの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	June 9, 2024, midnight
Registration Date	June 11, 2024, 1:50 p.m.
Last Update	July 1, 2024, 12:27 p.m.

Affected System

The PHP Group

PHP 5.0.0 以上 8.1.29 未満

PHP 8.2.0 以上 8.2.20 未満

PHP 8.3.0 以上 8.3.8 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
CISA Known Exploited Vulnerabilities Catalog
1	CVE-2024-4577	https://cisa.gov/known-exploited-vulnerabilities-catalog
Common Vulnerabilities and Exposures (CVE)
2	CVE-2024-4577	https://www.cve.org/CVERecord?id=CVE-2024-4577
National Vulnerability Database (NVD)
3	CVE-2024-4577	https://nvd.nist.gov/vuln/detail/CVE-2024-4577

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-78	https://jvndb.jvn.jp/ja/cwe/CWE-78.html

その他

No	Name	URL
関連文書
1	arstechnica.com (php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers)	https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
2	blog.orange.tw (cve-2024-4577-yet-another-php-rce)	https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
3	cert.be (warning-php-remote-code-execution-patch-immediately)	https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
4	devco.re (security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en)	https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
5	github.com (CVE-2024-4577)	https://github.com/watchtowrlabs/CVE-2024-4577
6	github.com (CVE-2024-4577)	https://github.com/11whoami99/CVE-2024-4577
7	github.com (CVE-2024-4577-PHP-RCE)	https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
8	github.com (pull/19247)	https://github.com/rapid7/metasploit-framework/pull/19247
9	isc.sans.edu (diary/30994)	https://isc.sans.edu/diary/30994
10	labs.watchtowr.com (no-way-php-strikes-again-cve-2024-4577)	https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
11	www.imperva.com (imperva-protects-against-critical-php-vulnerability-cve-2024-4577)	https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
12	www.openwall.com (oss-security/2024/06/07/1)	http://www.openwall.com/lists/oss-security/2024/06/07/1
13	www.php.net (ChangeLog-8.php#8.1.29)	https://www.php.net/ChangeLog-8.php#8.1.29
14	www.php.net (ChangeLog-8.php#8.2.20)	https://www.php.net/ChangeLog-8.php#8.2.20
15	www.php.net (ChangeLog-8.php#8.3.8)	https://www.php.net/ChangeLog-8.php#8.3.8

Change Log

No	Changed Details	Date of change
1	[2024年06月11日] 掲載	June 11, 2024, 1:49 p.m.
2	[2024年07月01日] 参考情報：CISA Known Exploited Vulnerabilities Catalog (CVE-2024-4577) を追加	July 1, 2024, 11:16 a.m.