CVE-2018-17082 - OpenCVE

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Php	Php
Netapp	Storage Automation Store

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

References

Link	Resource
http://php.net/ChangeLog-5.php	Release Notes
http://php.net/ChangeLog-7.php	Release Notes
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=76582	Exploit Issue Tracking Vendor Advisory
https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201812-01	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180924-0001/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4353	Third Party Advisory
https://www.tenable.com/security/tns-2019-07

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-16T15:00:00

Updated: 2019-11-04T21:06:25

Reserved: 2018-09-16T00:00:00

Link: CVE-2018-17082

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-16T15:29:00.253

Modified: 2019-08-19T11:15:13.930

Link: CVE-2018-17082

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-04T21:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_MISC"], "url": "http://php.net/ChangeLog-7.php"}, {"name": "DSA-4353", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4353"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e"}, {"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1509-1] php5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=76582"}, {"name": "GLSA-201812-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201812-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180924-0001/"}, {"name": "RHSA-2019:2519", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2019-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17082", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://php.net/ChangeLog-5.php", "refsource": "MISC", "url": "http://php.net/ChangeLog-5.php"}, {"name": "http://php.net/ChangeLog-7.php", "refsource": "MISC", "url": "http://php.net/ChangeLog-7.php"}, {"name": "DSA-4353", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4353"}, {"name": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e", "refsource": "MISC", "url": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e"}, {"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1509-1] php5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html"}, {"name": "https://bugs.php.net/bug.php?id=76582", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=76582"}, {"name": "GLSA-201812-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201812-01"}, {"name": "https://security.netapp.com/advisory/ntap-20180924-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180924-0001/"}, {"name": "RHSA-2019:2519", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "https://www.tenable.com/security/tns-2019-07", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-07"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17082", "datePublished": "2018-09-16T15:00:00", "dateReserved": "2018-09-16T00:00:00", "dateUpdated": "2019-11-04T21:06:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9248490-9A20-4460-B86A-24C93003E4F8", "versionEndExcluding": "5.6.38", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "10CEAD5B-EBF6-4F97-8FF5-9A6F7EE4ED63", "versionEndExcluding": "7.0.32", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5EC8503-F23F-41D8-9C11-E19A5326C23B", "versionEndExcluding": "7.1.22", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "328F266C-29A2-458B-8B2F-B83C65EB22BB", "versionEndExcluding": "7.2.10", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c."}, {"lang": "es", "value": "El componente Apache2 en PHP en versiones anteriores a la 5.6.38, versiones 7.0.x anteriores a la 7.0.32, versiones 7.1.x anteriores a la 7.1.22 y versiones 7.2.x anteriores a la 7.2.10 permite Cross-Site Scripting (XSS) mediante el cuerpo de una petici\u00f3n \"Transfer-Encoding: chunked\". Esto se debe a que bucket brigade se gestiona de manera incorrecta en la funci\u00f3n php_handler en sapi apache2handler sapi_apache2.c."}], "id": "CVE-2018-17082", "lastModified": "2019-08-19T11:15:13.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-16T15:29:00.253", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://php.net/ChangeLog-5.php"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://php.net/ChangeLog-7.php"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=76582"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201812-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180924-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4353"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/tns-2019-07"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}