Bug #9547

[3.8] php5: XSS due to the header Transfer-Encoding: chunked (CVE-2018-17082)

Added by Alicha CH 6 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 10/09/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

Fixed In Version:

php 5.6.38, php 7.0.32, php 7.1.22, php 7.2.10

References:

https://bugs.php.net/bug.php?id=76582
https://nvd.nist.gov/vuln/detail/CVE-2018-17082

Patch:

https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e

History

#1 Updated by Natanael Copa 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-17082)
