First published: Thu Sep 13 2018(Updated: )
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
<7.0.32 | 7.0.32 | |
redhat/rh-php71-php | <0:7.1.30-1.el7 | 0:7.1.30-1.el7 |
PHP PHP | <5.6.38 | |
PHP PHP | >=7.0.0<7.0.32 | |
PHP PHP | >=7.1.0<7.1.22 | |
PHP PHP | >=7.2.0<7.2.10 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Netapp Storage Automation Store | ||
redhat/php | <5.6.38 | 5.6.38 |
redhat/php | <7.0.32 | 7.0.32 |
redhat/php | <7.1.22 | 7.1.22 |
redhat/php | <7.2.10 | 7.2.10 |
debian/php7.3 | 7.3.31-1~deb10u1 7.3.31-1~deb10u5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.