CVE-2018-5712

Published: 16/01/2018 | Updated: 19/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in PHP prior to 5.6.33, 7.0.x prior to 7.0.27, 7.1.x prior to 7.1.13, and 7.2.x prior to 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Affected Products

Vendor | Product | Versions
Php | Php | 5.6.32, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.2.0
Canonical | Ubuntu Linux | 12.04, 14.04, 16.04, 17.10
Debian | Debian Linux | 7.0

Vendor Advisories

Synopsis: Moderate: php security update. Type/Severity: Security Advisory: Moderate. Topic: An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Several security issues were fixed in PHP ...
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file ...
Reflected XSS in phar 404 page: An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file (CVE-2018-5712). Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c: The gd_gif_in.c file in the GD Graphics Library (aka libgd), as u ...
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584: Buffer underread in parsing HTTP responses; CVE-2018-10545: Dumpable FPM child processes allowed the bypass of opcache access controls; CVE-2018-10546: Denial of service via infinite loop in convert.iconv stream filter ...
Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: rh-php70-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php70-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Oracle Solaris Third Party Bulletin - April 2018. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical ...

Mailing Lists

Debian Security Advisory DSA-4240-1, security@debian.org, www.debian.org/security/, Moritz Muehlenhoff, July 05, 2018, www.debian.org/security/faq ...