[3.8] php5: XSS due to the header Transfer-Encoding: chunked (CVE-2018-17082)
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x
before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a
“Transfer-Encoding: chunked” request,
because the bucket brigade is mishandled in the php_handler function in
sapi/apache2handler/sapi_apache2.c.
Fixed In Version:
php 5.6.38, php 7.0.32, php 7.1.22, php 7.2.10
References:
https://bugs.php.net/bug.php?id=76582
https://nvd.nist.gov/vuln/detail/CVE-2018-17082
Patch:
https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
(from redmine: issue id 9547, created on 2018-10-09, closed on 2018-10-25)