Overview
The flaw, designated CVE-2024-4577, is due to an error in how PHP handles character encoding conversions. This error allows unauthenticated threat actors to pass special character sequences as URL arguments, which could lead to remote code execution.
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
As this vulnerability is present only in PHP-CGI, customers using only IceWarp WebClient are not affected since IceWarp WebClient uses PHP-FPM. However, customers using own products based on PHP-CGI may be affected by this vulnerability.
How to fix it
IceWarp will release a security update in version 14.1.0.10. However, until this version is released, you can use the following settings on the IceWarp server to address this vulnerability.
Visit the remote console and navigate to the following path:
Web > [Default] > Rewrite and add the following details:
Source | Destination | RegEx |
[^?]+\?\%[aA][dD].* | / [R,L] | Yes |
Put these values at the top of your list, as seen below.
Comments
0 comments
Article is closed for comments.