Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2018-946
HistoryFeb 07, 2018 - 5:10 p.m.

Medium: php56, php70, php71

2018-02-0717:10:00
alas.aws.amazon.com
47

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.62 Medium

EPSS

Percentile

97.8%

JSON

Issue Overview:

Reflected XSS in .phar 404 page
An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. (CVE-2018-5712)

Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
The gd_gif_in.c file in the GD Graphics Library (aka libgd), as used in PHP has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. (CVE-2018-5711)

Affected Packages:

php56, php70, php71

Issue Correction:
Run yum update php56 to update your system.
Run yum update php70 to update your system.
Run yum update php71 to update your system.

New Packages:

i686:  
    php71-soap-7.1.13-1.30.amzn1.i686  
    php71-intl-7.1.13-1.30.amzn1.i686  
    php71-ldap-7.1.13-1.30.amzn1.i686  
    php71-7.1.13-1.30.amzn1.i686  
    php71-pspell-7.1.13-1.30.amzn1.i686  
    php71-opcache-7.1.13-1.30.amzn1.i686  
    php71-gmp-7.1.13-1.30.amzn1.i686  
    php71-snmp-7.1.13-1.30.amzn1.i686  
    php71-odbc-7.1.13-1.30.amzn1.i686  
    php71-embedded-7.1.13-1.30.amzn1.i686  
    php71-pgsql-7.1.13-1.30.amzn1.i686  
    php71-tidy-7.1.13-1.30.amzn1.i686  
    php71-xmlrpc-7.1.13-1.30.amzn1.i686  
    php71-imap-7.1.13-1.30.amzn1.i686  
    php71-process-7.1.13-1.30.amzn1.i686  
    php71-bcmath-7.1.13-1.30.amzn1.i686  
    php71-debuginfo-7.1.13-1.30.amzn1.i686  
    php71-json-7.1.13-1.30.amzn1.i686  
    php71-pdo-dblib-7.1.13-1.30.amzn1.i686  
    php71-dba-7.1.13-1.30.amzn1.i686  
    php71-dbg-7.1.13-1.30.amzn1.i686  
    php71-mbstring-7.1.13-1.30.amzn1.i686  
    php71-fpm-7.1.13-1.30.amzn1.i686  
    php71-mysqlnd-7.1.13-1.30.amzn1.i686  
    php71-mcrypt-7.1.13-1.30.amzn1.i686  
    php71-cli-7.1.13-1.30.amzn1.i686  
    php71-common-7.1.13-1.30.amzn1.i686  
    php71-recode-7.1.13-1.30.amzn1.i686  
    php71-devel-7.1.13-1.30.amzn1.i686  
    php71-enchant-7.1.13-1.30.amzn1.i686  
    php71-gd-7.1.13-1.30.amzn1.i686  
    php71-pdo-7.1.13-1.30.amzn1.i686  
    php71-xml-7.1.13-1.30.amzn1.i686  
    php70-mysqlnd-7.0.27-1.27.amzn1.i686  
    php70-snmp-7.0.27-1.27.amzn1.i686  
    php70-pdo-7.0.27-1.27.amzn1.i686  
    php70-bcmath-7.0.27-1.27.amzn1.i686  
    php70-gmp-7.0.27-1.27.amzn1.i686  
    php70-dbg-7.0.27-1.27.amzn1.i686  
    php70-soap-7.0.27-1.27.amzn1.i686  
    php70-embedded-7.0.27-1.27.amzn1.i686  
    php70-pgsql-7.0.27-1.27.amzn1.i686  
    php70-ldap-7.0.27-1.27.amzn1.i686  
    php70-recode-7.0.27-1.27.amzn1.i686  
    php70-devel-7.0.27-1.27.amzn1.i686  
    php70-mbstring-7.0.27-1.27.amzn1.i686  
    php70-odbc-7.0.27-1.27.amzn1.i686  
    php70-opcache-7.0.27-1.27.amzn1.i686  
    php70-enchant-7.0.27-1.27.amzn1.i686  
    php70-common-7.0.27-1.27.amzn1.i686  
    php70-imap-7.0.27-1.27.amzn1.i686  
    php70-mcrypt-7.0.27-1.27.amzn1.i686  
    php70-tidy-7.0.27-1.27.amzn1.i686  
    php70-intl-7.0.27-1.27.amzn1.i686  
    php70-gd-7.0.27-1.27.amzn1.i686  
    php70-xml-7.0.27-1.27.amzn1.i686  
    php70-xmlrpc-7.0.27-1.27.amzn1.i686  
    php70-zip-7.0.27-1.27.amzn1.i686  
    php70-cli-7.0.27-1.27.amzn1.i686  
    php70-fpm-7.0.27-1.27.amzn1.i686  
    php70-process-7.0.27-1.27.amzn1.i686  
    php70-dba-7.0.27-1.27.amzn1.i686  
    php70-7.0.27-1.27.amzn1.i686  
    php70-pspell-7.0.27-1.27.amzn1.i686  
    php70-json-7.0.27-1.27.amzn1.i686  
    php70-pdo-dblib-7.0.27-1.27.amzn1.i686  
    php70-debuginfo-7.0.27-1.27.amzn1.i686  
    php56-mysqlnd-5.6.33-1.136.amzn1.i686  
    php56-tidy-5.6.33-1.136.amzn1.i686  
    php56-5.6.33-1.136.amzn1.i686  
    php56-soap-5.6.33-1.136.amzn1.i686  
    php56-mssql-5.6.33-1.136.amzn1.i686  
    php56-pspell-5.6.33-1.136.amzn1.i686  
    php56-enchant-5.6.33-1.136.amzn1.i686  
    php56-xmlrpc-5.6.33-1.136.amzn1.i686  
    php56-odbc-5.6.33-1.136.amzn1.i686  
    php56-process-5.6.33-1.136.amzn1.i686  
    php56-imap-5.6.33-1.136.amzn1.i686  
    php56-recode-5.6.33-1.136.amzn1.i686  
    php56-pgsql-5.6.33-1.136.amzn1.i686  
    php56-gmp-5.6.33-1.136.amzn1.i686  
    php56-cli-5.6.33-1.136.amzn1.i686  
    php56-snmp-5.6.33-1.136.amzn1.i686  
    php56-dbg-5.6.33-1.136.amzn1.i686  
    php56-embedded-5.6.33-1.136.amzn1.i686  
    php56-debuginfo-5.6.33-1.136.amzn1.i686  
    php56-intl-5.6.33-1.136.amzn1.i686  
    php56-bcmath-5.6.33-1.136.amzn1.i686  
    php56-xml-5.6.33-1.136.amzn1.i686  
    php56-ldap-5.6.33-1.136.amzn1.i686  
    php56-gd-5.6.33-1.136.amzn1.i686  
    php56-fpm-5.6.33-1.136.amzn1.i686  
    php56-pdo-5.6.33-1.136.amzn1.i686  
    php56-devel-5.6.33-1.136.amzn1.i686  
    php56-common-5.6.33-1.136.amzn1.i686  
    php56-opcache-5.6.33-1.136.amzn1.i686  
    php56-dba-5.6.33-1.136.amzn1.i686  
    php56-mbstring-5.6.33-1.136.amzn1.i686  
    php56-mcrypt-5.6.33-1.136.amzn1.i686  
  
src:  
    php71-7.1.13-1.30.amzn1.src  
    php70-7.0.27-1.27.amzn1.src  
    php56-5.6.33-1.136.amzn1.src  
  
x86_64:  
    php71-debuginfo-7.1.13-1.30.amzn1.x86_64  
    php71-gd-7.1.13-1.30.amzn1.x86_64  
    php71-odbc-7.1.13-1.30.amzn1.x86_64  
    php71-process-7.1.13-1.30.amzn1.x86_64  
    php71-imap-7.1.13-1.30.amzn1.x86_64  
    php71-mbstring-7.1.13-1.30.amzn1.x86_64  
    php71-mcrypt-7.1.13-1.30.amzn1.x86_64  
    php71-gmp-7.1.13-1.30.amzn1.x86_64  
    php71-soap-7.1.13-1.30.amzn1.x86_64  
    php71-ldap-7.1.13-1.30.amzn1.x86_64  
    php71-snmp-7.1.13-1.30.amzn1.x86_64  
    php71-enchant-7.1.13-1.30.amzn1.x86_64  
    php71-tidy-7.1.13-1.30.amzn1.x86_64  
    php71-pdo-dblib-7.1.13-1.30.amzn1.x86_64  
    php71-json-7.1.13-1.30.amzn1.x86_64  
    php71-embedded-7.1.13-1.30.amzn1.x86_64  
    php71-devel-7.1.13-1.30.amzn1.x86_64  
    php71-7.1.13-1.30.amzn1.x86_64  
    php71-pspell-7.1.13-1.30.amzn1.x86_64  
    php71-common-7.1.13-1.30.amzn1.x86_64  
    php71-recode-7.1.13-1.30.amzn1.x86_64  
    php71-xmlrpc-7.1.13-1.30.amzn1.x86_64  
    php71-pgsql-7.1.13-1.30.amzn1.x86_64  
    php71-cli-7.1.13-1.30.amzn1.x86_64  
    php71-dbg-7.1.13-1.30.amzn1.x86_64  
    php71-xml-7.1.13-1.30.amzn1.x86_64  
    php71-opcache-7.1.13-1.30.amzn1.x86_64  
    php71-fpm-7.1.13-1.30.amzn1.x86_64  
    php71-mysqlnd-7.1.13-1.30.amzn1.x86_64  
    php71-dba-7.1.13-1.30.amzn1.x86_64  
    php71-intl-7.1.13-1.30.amzn1.x86_64  
    php71-pdo-7.1.13-1.30.amzn1.x86_64  
    php71-bcmath-7.1.13-1.30.amzn1.x86_64  
    php70-debuginfo-7.0.27-1.27.amzn1.x86_64  
    php70-dba-7.0.27-1.27.amzn1.x86_64  
    php70-mcrypt-7.0.27-1.27.amzn1.x86_64  
    php70-7.0.27-1.27.amzn1.x86_64  
    php70-tidy-7.0.27-1.27.amzn1.x86_64  
    php70-bcmath-7.0.27-1.27.amzn1.x86_64  
    php70-opcache-7.0.27-1.27.amzn1.x86_64  
    php70-fpm-7.0.27-1.27.amzn1.x86_64  
    php70-pdo-7.0.27-1.27.amzn1.x86_64  
    php70-mysqlnd-7.0.27-1.27.amzn1.x86_64  
    php70-dbg-7.0.27-1.27.amzn1.x86_64  
    php70-gmp-7.0.27-1.27.amzn1.x86_64  
    php70-process-7.0.27-1.27.amzn1.x86_64  
    php70-imap-7.0.27-1.27.amzn1.x86_64  
    php70-snmp-7.0.27-1.27.amzn1.x86_64  
    php70-cli-7.0.27-1.27.amzn1.x86_64  
    php70-ldap-7.0.27-1.27.amzn1.x86_64  
    php70-enchant-7.0.27-1.27.amzn1.x86_64  
    php70-intl-7.0.27-1.27.amzn1.x86_64  
    php70-odbc-7.0.27-1.27.amzn1.x86_64  
    php70-json-7.0.27-1.27.amzn1.x86_64  
    php70-devel-7.0.27-1.27.amzn1.x86_64  
    php70-recode-7.0.27-1.27.amzn1.x86_64  
    php70-pspell-7.0.27-1.27.amzn1.x86_64  
    php70-common-7.0.27-1.27.amzn1.x86_64  
    php70-soap-7.0.27-1.27.amzn1.x86_64  
    php70-xml-7.0.27-1.27.amzn1.x86_64  
    php70-xmlrpc-7.0.27-1.27.amzn1.x86_64  
    php70-pdo-dblib-7.0.27-1.27.amzn1.x86_64  
    php70-pgsql-7.0.27-1.27.amzn1.x86_64  
    php70-gd-7.0.27-1.27.amzn1.x86_64  
    php70-zip-7.0.27-1.27.amzn1.x86_64  
    php70-embedded-7.0.27-1.27.amzn1.x86_64  
    php70-mbstring-7.0.27-1.27.amzn1.x86_64  
    php56-intl-5.6.33-1.136.amzn1.x86_64  
    php56-cli-5.6.33-1.136.amzn1.x86_64  
    php56-pspell-5.6.33-1.136.amzn1.x86_64  
    php56-gmp-5.6.33-1.136.amzn1.x86_64  
    php56-soap-5.6.33-1.136.amzn1.x86_64  
    php56-devel-5.6.33-1.136.amzn1.x86_64  
    php56-process-5.6.33-1.136.amzn1.x86_64  
    php56-enchant-5.6.33-1.136.amzn1.x86_64  
    php56-xml-5.6.33-1.136.amzn1.x86_64  
    php56-mssql-5.6.33-1.136.amzn1.x86_64  
    php56-snmp-5.6.33-1.136.amzn1.x86_64  
    php56-pdo-5.6.33-1.136.amzn1.x86_64  
    php56-debuginfo-5.6.33-1.136.amzn1.x86_64  
    php56-xmlrpc-5.6.33-1.136.amzn1.x86_64  
    php56-mcrypt-5.6.33-1.136.amzn1.x86_64  
    php56-dba-5.6.33-1.136.amzn1.x86_64  
    php56-bcmath-5.6.33-1.136.amzn1.x86_64  
    php56-opcache-5.6.33-1.136.amzn1.x86_64  
    php56-dbg-5.6.33-1.136.amzn1.x86_64  
    php56-pgsql-5.6.33-1.136.amzn1.x86_64  
    php56-common-5.6.33-1.136.amzn1.x86_64  
    php56-ldap-5.6.33-1.136.amzn1.x86_64  
    php56-odbc-5.6.33-1.136.amzn1.x86_64  
    php56-5.6.33-1.136.amzn1.x86_64  
    php56-recode-5.6.33-1.136.amzn1.x86_64  
    php56-mbstring-5.6.33-1.136.amzn1.x86_64  
    php56-fpm-5.6.33-1.136.amzn1.x86_64  
    php56-imap-5.6.33-1.136.amzn1.x86_64  
    php56-gd-5.6.33-1.136.amzn1.x86_64  
    php56-embedded-5.6.33-1.136.amzn1.x86_64  
    php56-mysqlnd-5.6.33-1.136.amzn1.x86_64  
    php56-tidy-5.6.33-1.136.amzn1.x86_64

Additional References

Red Hat: CVE-2018-5711, CVE-2018-5712

Mitre: CVE-2018-5711, CVE-2018-5712

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686php71-soap< 7.1.13-1.30.amzn1php71-soap-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-intl< 7.1.13-1.30.amzn1php71-intl-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-ldap< 7.1.13-1.30.amzn1php71-ldap-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71< 7.1.13-1.30.amzn1php71-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-pspell< 7.1.13-1.30.amzn1php71-pspell-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-opcache< 7.1.13-1.30.amzn1php71-opcache-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-gmp< 7.1.13-1.30.amzn1php71-gmp-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-snmp< 7.1.13-1.30.amzn1php71-snmp-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-odbc< 7.1.13-1.30.amzn1php71-odbc-7.1.13-1.30.amzn1.i686.rpm
Amazon Linux1i686php71-embedded< 7.1.13-1.30.amzn1php71-embedded-7.1.13-1.30.amzn1.i686.rpm
Rows per page:
1-10 of 1981

Related

nessus 43
openvas 37
slackware 3
osv 8
prion 3
veracode 4
cve 3
ubuntucve 3
fedora 8
redhatcve 3
f5 3
debian 6
alpinelinux 3
debiancve 3
hackerone 1
seebug 1
suse 1
cloudfoundry 1
mageia 1
ubuntu 4
photon 1
gentoo 1
redhat 3
centos 1
ibm 2
oraclelinux 1
amazon 1
cloudlinux 1
rosalinux 1
oracle 1
nessus
nessus
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0308-1)
2019-01-02 00:00:00
Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-946)
2018-02-09 00:00:00
openSUSE Security Update : php5 (openSUSE-2018-99)
2018-01-29 00:00:00
openvas
openvas
PHP 'PHAR' Error Page Reflected XSS And DoS Vulnerabilities - Windows
2018-01-19 00:00:00
PHP 'PHAR' Error Page Reflected XSS And DoS Vulnerabilities - Linux
2018-01-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0216-1)
2021-06-09 00:00:00
slackware
slackware
[slackware-security] php
2018-02-04 07:16:29
[slackware-security] php
2018-05-17 04:21:18
[slackware-security] gd
2020-03-23 20:45:50
osv
osv
libgd2 - security update
2018-01-19 00:00:00
php5 - security update
2018-01-20 00:00:00
CVE-2018-5711
2018-01-16 09:29:00
prion
prion
Integer overflow
2018-01-16 09:29:00
Cross site scripting
2018-01-16 09:29:00
Design/Logic Flaw
2018-04-29 21:29:00
veracode
veracode
Denial Of Service (DoS) Through Infinite Loop
2019-05-16 03:00:00
Cross-site Scripting (XSS)
2019-05-16 03:00:00
Cross-site Scripting (XSS)
2019-08-20 00:10:41
cve
cve
CVE-2018-5711
2018-01-16 09:29:00
CVE-2018-5712
2018-01-16 09:29:00
CVE-2018-10547
2018-04-29 21:29:00
ubuntucve
ubuntucve
CVE-2018-5711
2018-01-16 00:00:00
CVE-2018-5712
2018-01-16 00:00:00
CVE-2018-10547
2018-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: gd-2.2.5-3.fc28
2018-04-04 15:54:13
[SECURITY] Fedora 26 Update: gd-2.2.5-2.fc26
2018-04-04 16:48:02
[SECURITY] Fedora 27 Update: gd-2.2.5-3.fc27
2018-03-28 23:51:17
redhatcve
redhatcve
CVE-2018-5711
2019-12-28 03:41:54
CVE-2018-5712
2019-11-04 09:50:26
CVE-2018-10547
2018-05-02 10:29:35
f5
f5
K43223005 : PHP vulnerability CVE-2018-5711
2018-02-06 00:00:00
K10204425 : PHP vulnerability CVE-2018-5712
2018-01-24 00:00:00
K61561040 : PHP vulnerability CVE-2018-10547
2018-05-07 00:00:00
debian
debian
[SECURITY] [DLA 1248-1] libgd2 security update
2018-01-19 04:58:18
[SECURITY] [DLA 1251-1] php5 security update
2018-01-20 15:25:36
[SECURITY] [DLA 1651-1] libgd2 security update
2019-01-30 20:45:03
alpinelinux
alpinelinux
CVE-2018-5711
2018-01-16 09:29:00
CVE-2018-5712
2018-01-16 09:29:00
CVE-2018-10547
2018-04-29 21:29:00
debiancve
debiancve
CVE-2018-5711
2018-01-16 09:29:00
CVE-2018-5712
2018-01-16 09:29:00
CVE-2018-10547
2018-04-29 21:29:00
hackerone
hackerone
Internet Bug Bounty: Potential infinite loop in gdImageCreateFromGifCtx!
2018-01-17 17:27:50
seebug
seebug
PHP CVE-2018-5711 - Hanging Websites by a Harmful GIF
2018-02-02 00:00:00
suse
suse
Security update for php53 (important)
2018-03-26 15:08:04
cloudfoundry
cloudfoundry
USN-3755-1: GD vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
mageia
mageia
Updated libgd packages fix security vulnerabilities
2018-09-02 22:07:30
ubuntu
ubuntu
GD vulnerabilities
2018-08-27 00:00:00
PHP vulnerabilities
2018-05-15 00:00:00
PHP vulnerabilities
2018-03-19 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0612
2023-07-13 00:00:00
gentoo
gentoo
GD: Multiple vulnerabilities
2019-03-28 00:00:00
redhat
redhat
(RHSA-2020:1112) Moderate: php security update
2020-03-31 09:20:14
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
centos
centos
php security update
2020-04-08 19:04:38
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in php
2018-07-27 01:22:37
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
2019-01-28 17:05:01
oraclelinux
oraclelinux
php security update
2020-04-06 00:00:00
amazon
amazon
Medium: php56, php70, php71
2018-05-10 18:23:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.62 Medium

EPSS

Percentile

97.8%

JSON
Related for ALAS-2018-946
nessus43openvas37slackware3osv8prion3veracode4cve3ubuntucve3fedora8redhatcve3f53debian6alpinelinux3debiancve3hackerone1seebug1suse1cloudfoundry1mageia1ubuntu4photon1gentoo1redhat3centos1ibm2oraclelinux1amazon1cloudlinux1rosalinux1oracle1