CVE-2018-17082
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-17082
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17082.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-17082
- Related
- Published
- 2018-09-16T15:29:00Z
- Modified
- 2024-08-01T08:53:33.585007Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c.
- References
-
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=76582
- https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
- https://security.gentoo.org/glsa/201812-01
- https://security.netapp.com/advisory/ntap-20180924-0001/
- https://www.debian.org/security/2018/dsa-4353
- https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- https://www.tenable.com/security/tns-2019-07
- https://security.alpinelinux.org/vuln/CVE-2018-17082
Affected packages
Alpine:v3.5 / php5
Package
- Name
- php5
- Purl
- pkg:apk/alpine/php5?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.6.38-r0
Affected versions
5.*
5.2.8-r0
5.2.8-r1
5.2.9-r0
5.2.10-r0
5.2.10-r2
5.2.10-r3
5.2.10-r4
5.2.11-r0
5.3.0-r0
5.3.0-r1
5.3.0-r2
5.3.0-r3
5.3.1-r0
5.3.1-r1
5.3.1-r2
5.3.1-r3
5.3.1-r4
5.3.1-r5
5.3.2-r0
5.3.2-r1
5.3.2-r2
5.3.2-r3
5.3.2-r4
5.3.2-r5
5.3.2-r6
5.3.2-r7
5.3.2-r8
5.3.3-r0
5.3.3-r1
5.3.3-r2
5.3.3-r3
5.3.3-r4
5.3.3-r5
5.3.4-r0
5.3.4-r1
5.3.4-r2
5.3.5-r0
5.3.5-r1
5.3.5-r2
5.3.5-r3
5.3.5-r4
5.3.5-r5
5.3.5-r6
5.3.5-r7
5.3.6-r0
5.3.6-r1
5.3.6-r2
5.3.6-r3
5.3.6-r4
5.3.6-r5
5.3.6-r6
5.3.6-r7
5.3.6-r8
5.3.6-r9
5.3.6-r10
5.3.6-r11
5.3.7-r0
5.3.7-r1
5.3.8-r0
5.3.8-r1
5.3.8-r2
5.3.9-r0
5.3.9-r1
5.3.10-r0
5.3.10-r1
5.3.10-r2
5.3.10-r3
5.3.10-r4
5.3.10-r5
5.3.12-r0
5.3.12-r1
5.3.12-r2
5.3.12-r3
5.3.15-r3
5.3.16-r0
5.3.17-r0
5.3.18-r0
5.3.19-r0
5.3.20-r0
5.3.20-r1
5.3.21-r1
5.3.21-r2
5.3.23-r0
5.3.23-r1
5.4.14-r0
5.4.14-r1
5.4.14-r2
5.4.14-r3
5.4.15-r0
5.4.15-r1
5.4.16-r0
5.4.17-r0
5.4.17-r1
5.4.19-r0
5.4.20-r0
5.5.4-r0
5.5.4-r1
5.5.5-r0
5.5.5-r1
5.5.5-r2
5.5.6-r0
5.5.6-r1
5.5.7-r0
5.5.8-r0
5.5.8-r1
5.5.9-r0
5.5.10-r0
5.5.11-r0
5.5.11-r1
5.5.12-r0
5.5.13-r0
5.5.13-r1
5.5.13-r2
5.5.13-r3
5.5.13-r4
5.5.14-r0
5.5.15-r0
5.5.15-r1
5.5.16-r0
5.6.1-r0
5.6.1-r1
5.6.1-r2
5.6.2-r0
5.6.2-r1
5.6.3-r0
5.6.4-r0
5.6.5-r0
5.6.5-r1
5.6.6-r0
5.6.7-r0
5.6.7-r1
5.6.8-r0
5.6.8-r1
5.6.9-r0
5.6.9-r1
5.6.10-r0
5.6.11-r0
5.6.12-r0
5.6.13-r0
5.6.14-r0
5.6.15-r0
5.6.15-r1
5.6.15-r2
5.6.15-r3
5.6.16-r0
5.6.17-r0
5.6.18-r0
5.6.18-r1
5.6.19-r0
5.6.19-r1
5.6.20-r0
5.6.21-r0
5.6.21-r1
5.6.21-r2
5.6.22-r0
5.6.23-r0
5.6.24-r0
5.6.25-r0
5.6.25-r1
5.6.26-r0
5.6.26-r1
5.6.27-r0
5.6.28-r0
5.6.29-r0
5.6.29-r1
5.6.30-r0
5.6.31-r0
5.6.32-r0
5.6.33-r0
5.6.34-r0
5.6.35-r0
5.6.36-r0
5.6.37-r0