An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/102742
http://www.securityfocus.com/bid/104020
http://www.securitytracker.com/id/1040363
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=74782
https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
https://usn.ubuntu.com/3566-1/
Source: MITRE
Published: 2018-01-16
Updated: 2019-08-19
Type: CWE-79
CVSS v2 Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0 Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.32 (inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from 7.0.0 to 7.0.26 (inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 7.1.12 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143988 | NewStart CGSL CORE 5.05 / MAIN 5.05 : php Multiple Vulnerabilities (NS-SA-2020-0090) | Nessus | NewStart CGSL Local Security Checks | high |
143917 | NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2020-0059) | Nessus | NewStart CGSL Local Security Checks | high |
137966 | EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747) | Nessus | Huawei Local Security Checks | critical |
135827 | Scientific Linux Security Update : php on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
135338 | CentOS 7 : php (CESA-2020:1112) | Nessus | CentOS Local Security Checks | high |
135040 | RHEL 7 : php (RHSA-2020:1112) | Nessus | Red Hat Local Security Checks | high |
132184 | EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) | Nessus | Huawei Local Security Checks | critical |
131592 | EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) | Nessus | Huawei Local Security Checks | critical |
129178 | EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984) | Nessus | Huawei Local Security Checks | high |
98824 | PHP 5.6.x < 5.6.33 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
98865 | PHP 7.2.x < 7.2.1 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
98858 | PHP 7.1.x < 7.1.13 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
98846 | PHP 7.0.x < 7.0.27 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
120886 | Fedora 28 : php (2018-ee6707d519) | Nessus | Fedora Local Security Checks | medium |
120015 | SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0308-1) | Nessus | SuSE Local Security Checks | medium |
120013 | SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0216-1) | Nessus | SuSE Local Security Checks | medium |
109560 | Fedora 26 : php (2018-6071a600e8) | Nessus | Fedora Local Security Checks | medium |
109559 | Fedora 27 : php (2018-04f6056c42) | Nessus | Fedora Local Security Checks | medium |
108650 | SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1) | Nessus | SuSE Local Security Checks | high |
108483 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : PHP vulnerabilities (USN-3600-1) | Nessus | Ubuntu Local Security Checks | high |
106792 | Ubuntu 14.04 LTS : php5 vulnerabilities (USN-3566-1) | Nessus | Ubuntu Local Security Checks | high |
106691 | Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-946) | Nessus | Amazon Linux Local Security Checks | medium |
106586 | Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2018-034-01) | Nessus | Slackware Local Security Checks | medium |
106550 | openSUSE Security Update : php7 (openSUSE-2018-119) | Nessus | SuSE Local Security Checks | medium |
106434 | openSUSE Security Update : php5 (openSUSE-2018-99) | Nessus | SuSE Local Security Checks | medium |
106207 | Debian DLA-1251-1 : php5 security update | Nessus | Debian Local Security Checks | medium |
105774 | PHP 7.2.x < 7.2.1 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
105773 | PHP 7.1.x < 7.1.13 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
105772 | PHP 7.0.x < 7.0.27 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
105771 | PHP 5.6.x < 5.6.33 Multiple Vulnerabilities | Nessus | CGI abuses | medium |