CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.003 Low
Percentile: 69.4%
Issue Overview:
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a “Transfer-Encoding: chunked” request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. (CVE-2018-17082)
Affected Packages:
php56, php70, php71, php72
Issue Correction:
Run yum update php56 to update your system.
Run yum update php70 to update your system.
Run yum update php71 to update your system.
Run yum update php72 to update your system.
New Packages:
i686:
php56-soap-5.6.38-1.140.amzn1.i686
php56-debuginfo-5.6.38-1.140.amzn1.i686
php56-ldap-5.6.38-1.140.amzn1.i686
php56-intl-5.6.38-1.140.amzn1.i686
php56-opcache-5.6.38-1.140.amzn1.i686
php56-enchant-5.6.38-1.140.amzn1.i686
php56-recode-5.6.38-1.140.amzn1.i686
php56-xmlrpc-5.6.38-1.140.amzn1.i686
php56-mssql-5.6.38-1.140.amzn1.i686
php56-fpm-5.6.38-1.140.amzn1.i686
php56-pgsql-5.6.38-1.140.amzn1.i686
php56-odbc-5.6.38-1.140.amzn1.i686
php56-pspell-5.6.38-1.140.amzn1.i686
php56-cli-5.6.38-1.140.amzn1.i686
php56-common-5.6.38-1.140.amzn1.i686
php56-dba-5.6.38-1.140.amzn1.i686
php56-tidy-5.6.38-1.140.amzn1.i686
php56-5.6.38-1.140.amzn1.i686
php56-mbstring-5.6.38-1.140.amzn1.i686
php56-pdo-5.6.38-1.140.amzn1.i686
php56-mysqlnd-5.6.38-1.140.amzn1.i686
php56-mcrypt-5.6.38-1.140.amzn1.i686
php56-process-5.6.38-1.140.amzn1.i686
php56-embedded-5.6.38-1.140.amzn1.i686
php56-devel-5.6.38-1.140.amzn1.i686
php56-dbg-5.6.38-1.140.amzn1.i686
php56-gd-5.6.38-1.140.amzn1.i686
php56-imap-5.6.38-1.140.amzn1.i686
php56-xml-5.6.38-1.140.amzn1.i686
php56-snmp-5.6.38-1.140.amzn1.i686
php56-bcmath-5.6.38-1.140.amzn1.i686
php56-gmp-5.6.38-1.140.amzn1.i686
php71-debuginfo-7.1.23-1.34.amzn1.i686
php71-pspell-7.1.23-1.34.amzn1.i686
php71-pgsql-7.1.23-1.34.amzn1.i686
php71-dba-7.1.23-1.34.amzn1.i686
php71-snmp-7.1.23-1.34.amzn1.i686
php71-recode-7.1.23-1.34.amzn1.i686
php71-mbstring-7.1.23-1.34.amzn1.i686
php71-dbg-7.1.23-1.34.amzn1.i686
php71-opcache-7.1.23-1.34.amzn1.i686
php71-xmlrpc-7.1.23-1.34.amzn1.i686
php71-intl-7.1.23-1.34.amzn1.i686
php71-devel-7.1.23-1.34.amzn1.i686
php71-imap-7.1.23-1.34.amzn1.i686
php71-common-7.1.23-1.34.amzn1.i686
php71-soap-7.1.23-1.34.amzn1.i686
php71-process-7.1.23-1.34.amzn1.i686
php71-pdo-dblib-7.1.23-1.34.amzn1.i686
php71-bcmath-7.1.23-1.34.amzn1.i686
php71-xml-7.1.23-1.34.amzn1.i686
php71-enchant-7.1.23-1.34.amzn1.i686
php71-odbc-7.1.23-1.34.amzn1.i686
php71-gd-7.1.23-1.34.amzn1.i686
php71-gmp-7.1.23-1.34.amzn1.i686
php71-fpm-7.1.23-1.34.amzn1.i686
php71-pdo-7.1.23-1.34.amzn1.i686
php71-ldap-7.1.23-1.34.amzn1.i686
php71-mysqlnd-7.1.23-1.34.amzn1.i686
php71-json-7.1.23-1.34.amzn1.i686
php71-embedded-7.1.23-1.34.amzn1.i686
php71-mcrypt-7.1.23-1.34.amzn1.i686
php71-tidy-7.1.23-1.34.amzn1.i686
php71-cli-7.1.23-1.34.amzn1.i686
php71-7.1.23-1.34.amzn1.i686
php70-dbg-7.0.32-1.31.amzn1.i686
php70-gmp-7.0.32-1.31.amzn1.i686
php70-common-7.0.32-1.31.amzn1.i686
php70-snmp-7.0.32-1.31.amzn1.i686
php70-mbstring-7.0.32-1.31.amzn1.i686
php70-pdo-dblib-7.0.32-1.31.amzn1.i686
php70-fpm-7.0.32-1.31.amzn1.i686
php70-gd-7.0.32-1.31.amzn1.i686
php70-ldap-7.0.32-1.31.amzn1.i686
php70-xml-7.0.32-1.31.amzn1.i686
php70-odbc-7.0.32-1.31.amzn1.i686
php70-intl-7.0.32-1.31.amzn1.i686
php70-process-7.0.32-1.31.amzn1.i686
php70-enchant-7.0.32-1.31.amzn1.i686
php70-pgsql-7.0.32-1.31.amzn1.i686
php70-dba-7.0.32-1.31.amzn1.i686
php70-bcmath-7.0.32-1.31.amzn1.i686
php70-tidy-7.0.32-1.31.amzn1.i686
php70-cli-7.0.32-1.31.amzn1.i686
php70-pdo-7.0.32-1.31.amzn1.i686
php70-7.0.32-1.31.amzn1.i686
php70-json-7.0.32-1.31.amzn1.i686
php70-mcrypt-7.0.32-1.31.amzn1.i686
php70-mysqlnd-7.0.32-1.31.amzn1.i686
php70-xmlrpc-7.0.32-1.31.amzn1.i686
php70-zip-7.0.32-1.31.amzn1.i686
php70-embedded-7.0.32-1.31.amzn1.i686
php70-recode-7.0.32-1.31.amzn1.i686
php70-opcache-7.0.32-1.31.amzn1.i686
php70-soap-7.0.32-1.31.amzn1.i686
php70-imap-7.0.32-1.31.amzn1.i686
php70-debuginfo-7.0.32-1.31.amzn1.i686
php70-devel-7.0.32-1.31.amzn1.i686
php70-pspell-7.0.32-1.31.amzn1.i686
php72-pdo-dblib-7.2.11-1.6.amzn1.i686
php72-imap-7.2.11-1.6.amzn1.i686
php72-opcache-7.2.11-1.6.amzn1.i686
php72-devel-7.2.11-1.6.amzn1.i686
php72-dbg-7.2.11-1.6.amzn1.i686
php72-mbstring-7.2.11-1.6.amzn1.i686
php72-bcmath-7.2.11-1.6.amzn1.i686
php72-recode-7.2.11-1.6.amzn1.i686
php72-dba-7.2.11-1.6.amzn1.i686
php72-7.2.11-1.6.amzn1.i686
php72-soap-7.2.11-1.6.amzn1.i686
php72-enchant-7.2.11-1.6.amzn1.i686
php72-snmp-7.2.11-1.6.amzn1.i686
php72-debuginfo-7.2.11-1.6.amzn1.i686
php72-gmp-7.2.11-1.6.amzn1.i686
php72-mysqlnd-7.2.11-1.6.amzn1.i686
php72-fpm-7.2.11-1.6.amzn1.i686
php72-embedded-7.2.11-1.6.amzn1.i686
php72-common-7.2.11-1.6.amzn1.i686
php72-process-7.2.11-1.6.amzn1.i686
php72-json-7.2.11-1.6.amzn1.i686
php72-pgsql-7.2.11-1.6.amzn1.i686
php72-pdo-7.2.11-1.6.amzn1.i686
php72-xml-7.2.11-1.6.amzn1.i686
php72-intl-7.2.11-1.6.amzn1.i686
php72-cli-7.2.11-1.6.amzn1.i686
php72-gd-7.2.11-1.6.amzn1.i686
php72-ldap-7.2.11-1.6.amzn1.i686
php72-odbc-7.2.11-1.6.amzn1.i686
php72-pspell-7.2.11-1.6.amzn1.i686
php72-xmlrpc-7.2.11-1.6.amzn1.i686
php72-tidy-7.2.11-1.6.amzn1.i686
src:
php56-5.6.38-1.140.amzn1.src
php71-7.1.23-1.34.amzn1.src
php70-7.0.32-1.31.amzn1.src
php72-7.2.11-1.6.amzn1.src
x86_64:
php56-recode-5.6.38-1.140.amzn1.x86_64
php56-process-5.6.38-1.140.amzn1.x86_64
php56-dba-5.6.38-1.140.amzn1.x86_64
php56-opcache-5.6.38-1.140.amzn1.x86_64
php56-odbc-5.6.38-1.140.amzn1.x86_64
php56-debuginfo-5.6.38-1.140.amzn1.x86_64
php56-mbstring-5.6.38-1.140.amzn1.x86_64
php56-common-5.6.38-1.140.amzn1.x86_64
php56-devel-5.6.38-1.140.amzn1.x86_64
php56-xml-5.6.38-1.140.amzn1.x86_64
php56-dbg-5.6.38-1.140.amzn1.x86_64
php56-bcmath-5.6.38-1.140.amzn1.x86_64
php56-mysqlnd-5.6.38-1.140.amzn1.x86_64
php56-imap-5.6.38-1.140.amzn1.x86_64
php56-pgsql-5.6.38-1.140.amzn1.x86_64
php56-pspell-5.6.38-1.140.amzn1.x86_64
php56-gmp-5.6.38-1.140.amzn1.x86_64
php56-embedded-5.6.38-1.140.amzn1.x86_64
php56-intl-5.6.38-1.140.amzn1.x86_64
php56-tidy-5.6.38-1.140.amzn1.x86_64
php56-5.6.38-1.140.amzn1.x86_64
php56-snmp-5.6.38-1.140.amzn1.x86_64
php56-ldap-5.6.38-1.140.amzn1.x86_64
php56-gd-5.6.38-1.140.amzn1.x86_64
php56-mcrypt-5.6.38-1.140.amzn1.x86_64
php56-mssql-5.6.38-1.140.amzn1.x86_64
php56-fpm-5.6.38-1.140.amzn1.x86_64
php56-cli-5.6.38-1.140.amzn1.x86_64
php56-enchant-5.6.38-1.140.amzn1.x86_64
php56-xmlrpc-5.6.38-1.140.amzn1.x86_64
php56-soap-5.6.38-1.140.amzn1.x86_64
php56-pdo-5.6.38-1.140.amzn1.x86_64
php71-mcrypt-7.1.23-1.34.amzn1.x86_64
php71-devel-7.1.23-1.34.amzn1.x86_64
php71-embedded-7.1.23-1.34.amzn1.x86_64
php71-pdo-dblib-7.1.23-1.34.amzn1.x86_64
php71-odbc-7.1.23-1.34.amzn1.x86_64
php71-process-7.1.23-1.34.amzn1.x86_64
php71-dbg-7.1.23-1.34.amzn1.x86_64
php71-cli-7.1.23-1.34.amzn1.x86_64
php71-pgsql-7.1.23-1.34.amzn1.x86_64
php71-dba-7.1.23-1.34.amzn1.x86_64
php71-pspell-7.1.23-1.34.amzn1.x86_64
php71-recode-7.1.23-1.34.amzn1.x86_64
php71-imap-7.1.23-1.34.amzn1.x86_64
php71-7.1.23-1.34.amzn1.x86_64
php71-bcmath-7.1.23-1.34.amzn1.x86_64
php71-common-7.1.23-1.34.amzn1.x86_64
php71-xmlrpc-7.1.23-1.34.amzn1.x86_64
php71-fpm-7.1.23-1.34.amzn1.x86_64
php71-debuginfo-7.1.23-1.34.amzn1.x86_64
php71-json-7.1.23-1.34.amzn1.x86_64
php71-mbstring-7.1.23-1.34.amzn1.x86_64
php71-pdo-7.1.23-1.34.amzn1.x86_64
php71-mysqlnd-7.1.23-1.34.amzn1.x86_64
php71-ldap-7.1.23-1.34.amzn1.x86_64
php71-tidy-7.1.23-1.34.amzn1.x86_64
php71-soap-7.1.23-1.34.amzn1.x86_64
php71-gmp-7.1.23-1.34.amzn1.x86_64
php71-enchant-7.1.23-1.34.amzn1.x86_64
php71-xml-7.1.23-1.34.amzn1.x86_64
php71-opcache-7.1.23-1.34.amzn1.x86_64
php71-gd-7.1.23-1.34.amzn1.x86_64
php71-intl-7.1.23-1.34.amzn1.x86_64
php71-snmp-7.1.23-1.34.amzn1.x86_64
php70-dba-7.0.32-1.31.amzn1.x86_64
php70-common-7.0.32-1.31.amzn1.x86_64
php70-odbc-7.0.32-1.31.amzn1.x86_64
php70-enchant-7.0.32-1.31.amzn1.x86_64
php70-xmlrpc-7.0.32-1.31.amzn1.x86_64
php70-7.0.32-1.31.amzn1.x86_64
php70-opcache-7.0.32-1.31.amzn1.x86_64
php70-mysqlnd-7.0.32-1.31.amzn1.x86_64
php70-gmp-7.0.32-1.31.amzn1.x86_64
php70-soap-7.0.32-1.31.amzn1.x86_64
php70-bcmath-7.0.32-1.31.amzn1.x86_64
php70-intl-7.0.32-1.31.amzn1.x86_64
php70-debuginfo-7.0.32-1.31.amzn1.x86_64
php70-zip-7.0.32-1.31.amzn1.x86_64
php70-recode-7.0.32-1.31.amzn1.x86_64
php70-embedded-7.0.32-1.31.amzn1.x86_64
php70-mbstring-7.0.32-1.31.amzn1.x86_64
php70-snmp-7.0.32-1.31.amzn1.x86_64
php70-dbg-7.0.32-1.31.amzn1.x86_64
php70-gd-7.0.32-1.31.amzn1.x86_64
php70-tidy-7.0.32-1.31.amzn1.x86_64
php70-pdo-dblib-7.0.32-1.31.amzn1.x86_64
php70-process-7.0.32-1.31.amzn1.x86_64
php70-json-7.0.32-1.31.amzn1.x86_64
php70-imap-7.0.32-1.31.amzn1.x86_64
php70-ldap-7.0.32-1.31.amzn1.x86_64
php70-pdo-7.0.32-1.31.amzn1.x86_64
php70-pspell-7.0.32-1.31.amzn1.x86_64
php70-pgsql-7.0.32-1.31.amzn1.x86_64
php70-devel-7.0.32-1.31.amzn1.x86_64
php70-fpm-7.0.32-1.31.amzn1.x86_64
php70-xml-7.0.32-1.31.amzn1.x86_64
php70-mcrypt-7.0.32-1.31.amzn1.x86_64
php70-cli-7.0.32-1.31.amzn1.x86_64
php72-recode-7.2.11-1.6.amzn1.x86_64
php72-tidy-7.2.11-1.6.amzn1.x86_64
php72-dba-7.2.11-1.6.amzn1.x86_64
php72-json-7.2.11-1.6.amzn1.x86_64
php72-gd-7.2.11-1.6.amzn1.x86_64
php72-devel-7.2.11-1.6.amzn1.x86_64
php72-gmp-7.2.11-1.6.amzn1.x86_64
php72-ldap-7.2.11-1.6.amzn1.x86_64
php72-dbg-7.2.11-1.6.amzn1.x86_64
php72-debuginfo-7.2.11-1.6.amzn1.x86_64
php72-pgsql-7.2.11-1.6.amzn1.x86_64
php72-odbc-7.2.11-1.6.amzn1.x86_64
php72-xml-7.2.11-1.6.amzn1.x86_64
php72-xmlrpc-7.2.11-1.6.amzn1.x86_64
php72-pdo-7.2.11-1.6.amzn1.x86_64
php72-7.2.11-1.6.amzn1.x86_64
php72-snmp-7.2.11-1.6.amzn1.x86_64
php72-bcmath-7.2.11-1.6.amzn1.x86_64
php72-enchant-7.2.11-1.6.amzn1.x86_64
php72-pdo-dblib-7.2.11-1.6.amzn1.x86_64
php72-common-7.2.11-1.6.amzn1.x86_64
php72-embedded-7.2.11-1.6.amzn1.x86_64
php72-imap-7.2.11-1.6.amzn1.x86_64
php72-mysqlnd-7.2.11-1.6.amzn1.x86_64
php72-opcache-7.2.11-1.6.amzn1.x86_64
php72-process-7.2.11-1.6.amzn1.x86_64
php72-intl-7.2.11-1.6.amzn1.x86_64
php72-pspell-7.2.11-1.6.amzn1.x86_64
php72-mbstring-7.2.11-1.6.amzn1.x86_64
php72-fpm-7.2.11-1.6.amzn1.x86_64
php72-soap-7.2.11-1.6.amzn1.x86_64
php72-cli-7.2.11-1.6.amzn1.x86_64
Red Hat: CVE-2018-17082
Mitre: CVE-2018-17082
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php56-soap | < 5.6.38-1.140.amzn1 | php56-soap-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-debuginfo | < 5.6.38-1.140.amzn1 | php56-debuginfo-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-ldap | < 5.6.38-1.140.amzn1 | php56-ldap-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-intl | < 5.6.38-1.140.amzn1 | php56-intl-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-opcache | < 5.6.38-1.140.amzn1 | php56-opcache-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-enchant | < 5.6.38-1.140.amzn1 | php56-enchant-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-recode | < 5.6.38-1.140.amzn1 | php56-recode-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-xmlrpc | < 5.6.38-1.140.amzn1 | php56-xmlrpc-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-mssql | < 5.6.38-1.140.amzn1 | php56-mssql-5.6.38-1.140.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php56-fpm | < 5.6.38-1.140.amzn1 | php56-fpm-5.6.38-1.140.amzn1.i686.rpm |