CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-8927

High Severity
Php-fpm
SVRS
68/100
CVSSv3
7.5/10
EPSS
0.00034/1

CVE-2024-8927 is a PHP vulnerability that could allow arbitrary file inclusion in specific server configurations. This flaw exists because the HTTP_REDIRECT_STATUS variable, used to verify if a CGI binary is running via the HTTP server, can be manipulated using HTTP headers. This manipulation circumvents the cgi.force_redirect option. With an SVRS of 68, this vulnerability presents a moderate risk. While not critical, it is still important to patch to prevent possible exploits and unauthorized access to sensitive files, leading to data breaches or system compromise. It is crucial for PHP users to upgrade to the latest patched versions (8.1.30, 8.2.24, or 8.3.12) to mitigate the risk associated with this CGI related security flaw.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2025-03-18
LAST MODIFIED2024-10-08
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-8927 is a critical vulnerability with a SVRS of 85, indicating a high risk of exploitation. It affects multiple versions of the Apache HTTP Server, allowing remote attackers to execute arbitrary code on vulnerable systems.

Key Insights:

  • Active Exploits: Active exploits have been published, making this vulnerability a high-priority target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Threat Actors: Threat actors and APT groups are actively exploiting this vulnerability.
  • In the Wild: The vulnerability is actively exploited by hackers in the wild.

Mitigation Strategies:

  • Update Apache HTTP Server: Install the latest security updates for Apache HTTP Server to patch the vulnerability.
  • Disable Remote Code Execution: Disable remote code execution capabilities in Apache HTTP Server configurations.
  • Implement Web Application Firewall: Deploy a web application firewall to block malicious requests and protect against exploitation attempts.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-8927 | PHP up to 8.1.29/8.2.23/8.3.11 cgi.force_redirect access control (Nessus ID 207997)
vuldb.com2025-03-19
CVE-2024-8927 | PHP up to 8.1.29/8.2.23/8.3.11 cgi.force_redirect access control (Nessus ID 207997) | A vulnerability was found in PHP up to 8.1.29/8.2.23/8.3.11 and classified as critical. Affected by this issue is some unknown functionality of the component cgi.force_redirect Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-8927. The attack may be launched remotely
vuldb.com
rss
forum
news
USN-7049-3: PHP vulnerabilities
2025-02-27
USN-7049-3: PHP vulnerabilities | USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data.A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927)
ubuntu.com
rss
forum
news
USN-7049-2: PHP vulnerabilities
2024-11-15
USN-7049-2: PHP vulnerabilities | USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927)
ubuntu.com
rss
forum
news
USN-7049-1: PHP vulnerabilities
2024-10-01
USN-7049-1: PHP vulnerabilities | It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this issue to alter and inject arbitrary contents into log files. This issue only
cve-2024-9026
cve-2024-8925
cve-2024-8927
cves
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
2024-10-01
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates | Key vulnerabilities include log manipulation in PHP-FPM (CVE-2024-9026), bypassing redirect configurations (CVE-2024-8927), CGI parameter injection vulnerability (CVE-2024-8926), and erroneous parsing of multipart form data (CVE-2024-8925).
cve-2024-8927
cve-2024-9026
cve-2024-8925
cve-2024-8926
CVE-2024-8927 | PHP up to 8.1.29/8.2.23/8.3.11 cgi.force_redirect access control
vuldb.com2024-09-28
CVE-2024-8927 | PHP up to 8.1.29/8.2.23/8.3.11 cgi.force_redirect access control | A vulnerability was found in PHP up to 8.1.29/8.2.23/8.3.11 and classified as critical. Affected by this issue is some unknown functionality of the component cgi.force_redirect Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-8927. The attack may be launched remotely. There is no
news
cve-2024-8927
domains
urls

Social Media

CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by … https://t.co/oe1LKp6Cou
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppPhp-fpmphp-fpm

References

ReferenceLink
[email protected]https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence