Vulnerability CVE-2018-5712


Published: 2018-01-16

Description:
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: PHP
Product: PHP 
Version:
7.2.0
7.1.9
7.1.8
7.1.7
7.1.6
7.1.5
7.1.4
7.1.3
7.1.2
7.1.12
7.1.11
7.1.10
7.1.1
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.26
7.0.25
7.0.24
7.0.23
7.0.22
7.0.21
7.0.20
7.0.2
7.0.19
7.0.18
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.1
7.0.0
5.6.32

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/102742
http://www.securityfocus.com/bid/104020
http://www.securitytracker.com/id/1040363
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=74782
https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
https://usn.ubuntu.com/3566-1/
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/

Related CVE
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in s...
CVE-2018-15132
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files...
CVE-2018-14884
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value...
CVE-2018-14883
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
CVE-2018-14851
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG...
CVE-2017-9120
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2017-9118
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2018-12882
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PH...

Copyright 2018, cxsecurity.com

 

Back to Top