Published: 29/04/2018 Updated: 19/08/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in ext/phar/phar_object.c in PHP prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
canonical ubuntu linux 12.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
netapp storage automation store -

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic An update for php is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...

Synopsis Moderate: rh-php71-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php71-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite loop in converticonv stream filter ...

Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attackerAn issue was discovered in PHP before 5636, 70x before 7030, 71x before 7117, and 72x before 725 ext/ldap/ldapc allows remote LDAP servers to cause a denial of service (NULL pointer d ...

An issue was discovered in ext/phar/phar_objectc in PHP before 5636, 70x before 7030, 71x before 7117, and 72x before 725 There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a phar file NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712 ...

SecurityCenter leverages third-party software to help provide underlying functionality Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...

CWE-79 https://bugs.php.net/bug.php?id=76129 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://www.securitytracker.com/id/1040807 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://usn.ubuntu.com/3646-1/https://usn.ubuntu.com/3646-2/https://security.netapp.com/advisory/ntap-20180607-0003/https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://www.debian.org/security/2018/dsa-4240 https://www.tenable.com/security/tns-2018-12 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2020:1112 https://nvd.nist.gov https://usn.ubuntu.com/3646-2/

CVE-2018-10547

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect