cnvd-2018-08744
Vulnerability from cnvd

Title: PHP ext/phar/phar_object.c文件存在反射型跨站脚本漏洞

Description:

PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言支持多重语法、支持多数据库及操作系统和支持C、C++进行程序扩展等。

PHP ext/phar/phar_object.c文件存在反射型跨站脚本漏洞。由于通过对.phar文件的请求数据,可在PHAR 403和404错误页面上触发,攻击者可利用该漏洞在浏览器中执行任意脚本代码,而不会引起用户的注意。这可能导致基于cookie的身份验证凭据被窃取或发起其它攻击。(注:此漏洞是由于CVE-2018-5712修复程序不完整而存在的)

Severity:

Patch Name: PHP ext/phar/phar_object.c文件存在反射型跨站脚本漏洞的补丁

Patch Description:

PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言支持多重语法、支持多数据库及操作系统和支持C、C++进行程序扩展等。

PHP ext/phar/phar_object.c文件存在反射型跨站脚本漏洞。由于通过对.phar文件的请求数据,可在PHAR 403和404错误页面上触发,攻击者可利用该漏洞在浏览器中执行任意脚本代码,而不会引起用户的注意。这可能导致基于cookie的身份验证凭据被窃取或发起其它攻击。(注:此漏洞是由于CVE-2018-5712修复程序不完整而存在的)目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php

Reference: https://bugs.php.net/bug.php?id=76129 https://nvd.nist.gov/vuln/detail/CVE-2018-10547

Impacted products
Name
['PHP PHP >=5.0,<=5.6.36', 'PHP PHP >=7.0,<=7.0.30', 'PHP PHP >=7.1,<=7.1.17', 'PHP PHP >=7.2,<=7.2.5']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10547"
    }
  },
  "description": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u652f\u6301\u591a\u91cd\u8bed\u6cd5\u3001\u652f\u6301\u591a\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u548c\u652f\u6301C\u3001C++\u8fdb\u884c\u7a0b\u5e8f\u6269\u5c55\u7b49\u3002 \r\n\r\nPHP ext/phar/phar_object.c\u6587\u4ef6\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u901a\u8fc7\u5bf9.phar\u6587\u4ef6\u7684\u8bf7\u6c42\u6570\u636e\uff0c\u53ef\u5728PHAR 403\u548c404\u9519\u8bef\u9875\u9762\u4e0a\u89e6\u53d1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\uff0c\u800c\u4e0d\u4f1a\u5f15\u8d77\u7528\u6237\u7684\u6ce8\u610f\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u88ab\u7a83\u53d6\u6216\u53d1\u8d77\u5176\u5b83\u653b\u51fb\u3002\uff08\u6ce8\uff1a\u6b64\u6f0f\u6d1e\u662f\u7531\u4e8eCVE-2018-5712\u4fee\u590d\u7a0b\u5e8f\u4e0d\u5b8c\u6574\u800c\u5b58\u5728\u7684\uff09",
  "discovererName": "Stefan Cornelius / Red Hat Product Security",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://php.net/ChangeLog-5.php\r\nhttp://php.net/ChangeLog-7.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08744",
  "openTime": "2018-05-02",
  "patchDescription": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u652f\u6301\u591a\u91cd\u8bed\u6cd5\u3001\u652f\u6301\u591a\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u548c\u652f\u6301C\u3001C++\u8fdb\u884c\u7a0b\u5e8f\u6269\u5c55\u7b49\u3002 \r\n\r\nPHP ext/phar/phar_object.c\u6587\u4ef6\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u901a\u8fc7\u5bf9.phar\u6587\u4ef6\u7684\u8bf7\u6c42\u6570\u636e\uff0c\u53ef\u5728PHAR 403\u548c404\u9519\u8bef\u9875\u9762\u4e0a\u89e6\u53d1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\uff0c\u800c\u4e0d\u4f1a\u5f15\u8d77\u7528\u6237\u7684\u6ce8\u610f\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u88ab\u7a83\u53d6\u6216\u53d1\u8d77\u5176\u5b83\u653b\u51fb\u3002\uff08\u6ce8\uff1a\u6b64\u6f0f\u6d1e\u662f\u7531\u4e8eCVE-2018-5712\u4fee\u590d\u7a0b\u5e8f\u4e0d\u5b8c\u6574\u800c\u5b58\u5728\u7684\uff09\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHP ext/phar/phar_object.c\u6587\u4ef6\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PHP PHP \u003e=5.0\uff0c\u003c=5.6.36",
      "PHP PHP \u003e=7.0\uff0c\u003c=7.0.30",
      "PHP PHP \u003e=7.1\uff0c\u003c=7.1.17",
      "PHP PHP \u003e=7.2\uff0c\u003c=7.2.5"
    ]
  },
  "referenceLink": "https://bugs.php.net/bug.php?id=76129\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10547",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-02",
  "title": "PHP ext/phar/phar_object.c\u6587\u4ef6\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.