NVD Vulnerability Details: CVE-2018-5712
Modified
Source: cve@mitre.org
Published At: 16 Jan, 2018 | 09:29
Updated At: 19 Aug, 2019 | 11:15

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.0
Base score: 6.1
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches

The PHP Group
php
>>php>>Versions up to 5.6.32(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>Versions from 7.0.0(inclusive) to 7.0.26(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>Versions between 7.1.0(exclusive) and 7.1.12(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>7.2.0
cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://php.net/ChangeLog-5.php
Source: cve@mitre.org
Resource: Release Notes, Vendor Advisory

Hyperlink: http://php.net/ChangeLog-7.php
Source: cve@mitre.org
Resource: Release Notes, Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/102742
Source: cve@mitre.org
Resource: Third Party Advisory, VDB Entry

Hyperlink: http://www.securityfocus.com/bid/104020
Source: cve@mitre.org
Resource: Third Party Advisory, VDB Entry

Hyperlink: http://www.securitytracker.com/id/1040363
Source: cve@mitre.org
Resource: Third Party Advisory, VDB Entry

Hyperlink: https://access.redhat.com/errata/RHSA-2018:1296
Source: cve@mitre.org
Resource: Third Party Advisory

Hyperlink: https://access.redhat.com/errata/RHSA-2019:2519
Source: cve@mitre.org
Resource: N/A

Hyperlink: https://bugs.php.net/bug.php?id=74782
Source: cve@mitre.org
Resource: Issue Tracking, Patch, Vendor Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
Source: cve@mitre.org
Resource: Mailing List, Third Party Advisory

Hyperlink: https://usn.ubuntu.com/3566-1/
Source: cve@mitre.org
Resource: Third Party Advisory

Hyperlink: https://usn.ubuntu.com/3600-1/
Source: cve@mitre.org
Resource: Third Party Advisory

Hyperlink: https://usn.ubuntu.com/3600-2/
Source: cve@mitre.org
Resource: Third Party Advisory

Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: cve@mitre.org
Resource: N/A