Lucene search

Veracode Vulnerability DatabaseVERACODE:19311

HistoryMay 16, 2019 - 2:59 a.m.

Information Disclosure

2019-05-1602:59:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

PHP is vulnerable to information disclosure vulnerability. This is because an error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.

CPENameOperatorVersion
rh-php70-phpeq7.0.10__2.el7
rh-php70-phpeq7.0.10__2.el6
rh-php71-phpeq7.1.8__1.el7

Name	Operator	Version
rh-php70-php	eq	7.0.10__2.el7
rh-php70-php	eq	7.0.10__2.el6
rh-php71-php	eq	7.1.8__1.el7

References

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

www.securityfocus.com/bid/101745

access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php

access.redhat.com/errata/RHSA-2018:1296

access.redhat.com/errata/RHSA-2019:2519

access.redhat.com/security/updates/classification/#moderate

bugs.php.net/bug.php?id=75055

github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536

github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1

security.netapp.com/advisory/ntap-20181123-0001/

usn.ubuntu.com/3566-1/

www.debian.org/security/2018/dsa-4080

www.debian.org/security/2018/dsa-4081

www.exploit-db.com/exploits/43133/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:19311