6.1
CVE-2018-5712
- EPSS 79.95%
- Veröffentlicht 16.01.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 79.95% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://php.net/ChangeLog-5.php
https://www.oracle.com/security-alerts/cpuapr2020.html
http://php.net/ChangeLog-7.php
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://usn.ubuntu.com/3566-1/
http://www.securityfocus.com/bid/102742
http://www.securityfocus.com/bid/104020
http://www.securitytracker.com/id/1040363
https://bugs.php.net/bug.php?id=74782
https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/