Published: 16/01/2018 Updated: 19/08/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in PHP prior to 5.6.33, 7.0.x prior to 7.0.27, 7.1.x prior to 7.1.13, and 7.2.x prior to 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 7.2.0
php php
debian debian linux 7.0
canonical ubuntu linux 12.04
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10

Synopsis Moderate: rh-php70-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php70-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic An update for php is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...

Synopsis Moderate: rh-php71-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php71-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite loop in converticonv stream filter ...

ALAS-2018-946 Amazon Linux 2 Security Advisory: ALAS-2018-946 Advisory Release Date: 2018-02-07 17:29 Pacific Advisory Updated Date: 2018-02-07 18:33 Pacifi ...

Reflected XSS in phar 404 pageAn issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a phar file (CVE-2018-5712) Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_incThe gd_gif_inc file in the GD Graphics Library (aka libgd), as us ...

An issue was discovered in PHP before 5633, 70x before 7027, 71x before 7113, and 72x before 721 There is Reflected XSS on the PHAR 404 error page via the URI of a request for a phar file ...

CWE-79 https://bugs.php.net/bug.php?id=74782 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://www.securityfocus.com/bid/102742 https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html http://www.securitytracker.com/id/1040363 https://usn.ubuntu.com/3566-1/https://usn.ubuntu.com/3600-1/http://www.securityfocus.com/bid/104020 https://access.redhat.com/errata/RHSA-2018:1296 https://usn.ubuntu.com/3600-2/https://access.redhat.com/errata/RHSA-2019:2519 https://www.oracle.com/security-alerts/cpuapr2020.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:1296 https://usn.ubuntu.com/3600-2/

Get Started

CVE-2018-5712

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect