CVE-2018-10547
php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
Se ha descubierto un problema en ext/phar/phar_object.c en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. Hay XSS reflejado en las página de error 403 y 404 de PHAR mediante los datos de petición de una petición de un archivo .phar. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2018-5712.
It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-04-29 CVE Reserved
- 2018-04-29 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1040807 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20180607-0003 | Third Party Advisory |
|
| https://www.tenable.com/security/tns-2018-12 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://php.net/ChangeLog-5.php | 2019-08-19 | |
| http://php.net/ChangeLog-7.php | 2019-08-19 | |
| https://bugs.php.net/bug.php?id=76129 | 2019-08-19 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2519 | 2019-08-19 | |
| https://usn.ubuntu.com/3646-1 | 2019-08-19 | |
| https://usn.ubuntu.com/3646-2 | 2019-08-19 | |
| https://www.debian.org/security/2018/dsa-4240 | 2019-08-19 | |
| https://access.redhat.com/security/cve/CVE-2018-10547 | 2020-03-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1573814 | 2020-03-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | < 5.6.36 Search vendor "Php" for product "Php" and version " < 5.6.36" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.30 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.1.0 < 7.1.17 Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.17" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.2.0 < 7.2.5 Search vendor "Php" for product "Php" and version " >= 7.2.0 < 7.2.5" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Automation Store Search vendor "Netapp" for product "Storage Automation Store" | - | - |
Affected
| ||||||