CVE-2018-17082

Published: 16/09/2018 Updated: 19/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Apache2 component in PHP prior to 5.6.38, 7.0.x prior to 7.0.32, 7.1.x prior to 7.1.22, and 7.2.x prior to 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

Vulnerable Product

php php

debian debian linux 9.0

debian debian linux 8.0

netapp storage automation store -

Vendor Advisories

Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed in ...
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c (CVE-2018-17082) ...
A cross-site scripting (XSS) vulnerability in the Apache2 component of PHP was found. When using 'Transfer-Encoding: chunked', the request allows remote attackers to potentially run a malicious script in a victim's browser. This vulnerability can be exploited only by producing malformed requests and it's believed it's unlikely to be used in practical c ...

Github Repositories

A Crowdsourcing Exchange for mapping various sources of security vulnerabilities, exposures, threats, and controls data

A Crowdsourcing Exchange for mapping various sources of Information security vulnerabilities, exposures, threats, and controls data. What are you asking? The Columbus Collaboratory is asking the community to help us create mappings from CWE (common weakness enumeration) to NIST 800-53r4 moderate controls using our initial mapping formula. Why are you asking? The Collaboratory te

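Sample code for hands-on practice from the YouTube channel "徳丸浩のウェブセキュリティ講座" (Hiroshi Tokumaru's Web Security Course)

徳丸浩のウェブセキュリティ講座 sample code. A collection of sample code that can be used for hands-on practice with the YouTube channel "徳丸浩のウェブセキュリティ講座". Table of contents: Introduction to Insecure Deserialization (Basics); Introduction to Insecure Deserialization (Advanced); Against Digest authentication, man-in-the-middle att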