CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.6.32
phpphp
7.0.0 ≤
𝑥
≤ 7.0.26
phpphp
7.1.0 <
𝑥
≤ 7.1.12
phpphp
7.2.0
debiandebian_linux
7.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
artful
dne
bionic
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.23
released
xenial
dne
php7.0
artful
dne
bionic
dne
trusty
dne
xenial
Fixed 7.0.28-0ubuntu0.16.04.1
released
php7.1
artful
Fixed 7.1.15-0ubuntu0.17.10.1
released
bionic
dne
trusty
dne
xenial
dne
php7.2
artful
dne
bionic
not-affected
trusty
dne
xenial
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
php
RHEL 7
0:5.4.16-48.el7
fixed
php-bcmath
RHEL 7
0:5.4.16-48.el7
fixed
php-cli
RHEL 7
0:5.4.16-48.el7
fixed
php-common
RHEL 7
0:5.4.16-48.el7
fixed
php-dba
RHEL 7
0:5.4.16-48.el7
fixed
php-devel
RHEL 7
0:5.4.16-48.el7
fixed
php-embedded
RHEL 7
0:5.4.16-48.el7
fixed
php-enchant
RHEL 7
0:5.4.16-48.el7
fixed
php-fpm
RHEL 7
0:5.4.16-48.el7
fixed
php-gd
RHEL 7
0:5.4.16-48.el7
fixed
php-intl
RHEL 7
0:5.4.16-48.el7
fixed
php-ldap
RHEL 7
0:5.4.16-48.el7
fixed
php-mbstring
RHEL 7
0:5.4.16-48.el7
fixed
php-mysql
RHEL 7
0:5.4.16-48.el7
fixed
php-mysqlnd
RHEL 7
0:5.4.16-48.el7
fixed
php-odbc
RHEL 7
0:5.4.16-48.el7
fixed
php-pdo
RHEL 7
0:5.4.16-48.el7
fixed
php-pgsql
RHEL 7
0:5.4.16-48.el7
fixed
php-process
RHEL 7
0:5.4.16-48.el7
fixed
php-pspell
RHEL 7
0:5.4.16-48.el7
fixed
php-recode
RHEL 7
0:5.4.16-48.el7
fixed
php-snmp
RHEL 7
0:5.4.16-48.el7
fixed
php-soap
RHEL 7
0:5.4.16-48.el7
fixed
php-xml
RHEL 7
0:5.4.16-48.el7
fixed
php-xmlrpc
RHEL 7
0:5.4.16-48.el7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php56
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-bcmath
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-cli
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-common
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-dba
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-dbg
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-debuginfo
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-devel
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-embedded
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-enchant
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-fpm
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-gd
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-gmp
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-imap
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-intl
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-ldap
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-mbstring
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-mcrypt
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-mssql
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-mysqlnd
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-odbc
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-opcache
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-pdo
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-pgsql
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-process
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-pspell
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-recode
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-snmp
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-soap
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-tidy
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-xml
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php56-xmlrpc
Amazon Linux 1
0:5.6.33-1.136.amzn1
fixed
php70
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-bcmath
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-cli
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-common
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-dba
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-dbg
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-debuginfo
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-devel
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-embedded
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-enchant
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-fpm
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-gd
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-gmp
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-imap
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-intl
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-json
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-ldap
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-mbstring
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-mcrypt
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-mysqlnd
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-odbc
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-opcache
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-pdo
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-pdo-dblib
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-pgsql
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-process
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-pspell
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-recode
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-snmp
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-soap
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-tidy
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-xml
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-xmlrpc
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php70-zip
Amazon Linux 1
0:7.0.27-1.27.amzn1
fixed
php71
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-bcmath
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-cli
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-common
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-dba
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-dbg
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-debuginfo
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-devel
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-embedded
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-enchant
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-fpm
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-gd
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-gmp
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-imap
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-intl
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-json
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-ldap
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-mbstring
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-mcrypt
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-mysqlnd
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-odbc
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-opcache
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-pdo
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-pdo-dblib
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-pgsql
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-process
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-pspell
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-recode
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-snmp
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-soap
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-tidy
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-xml
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
php71-xmlrpc
Amazon Linux 1
0:7.1.13-1.30.amzn1
fixed
Common Weakness Enumeration
References
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/102742
http://www.securityfocus.com/bid/104020
http://www.securitytracker.com/id/1040363
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=74782
https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
https://usn.ubuntu.com/3566-1/
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/
https://www.oracle.com/security-alerts/cpuapr2020.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/102742
http://www.securityfocus.com/bid/104020
http://www.securitytracker.com/id/1040363
https://access.redhat.com/errata/RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2019:2519
https://bugs.php.net/bug.php?id=74782
https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
https://usn.ubuntu.com/3566-1/
https://usn.ubuntu.com/3600-1/
https://usn.ubuntu.com/3600-2/
https://www.oracle.com/security-alerts/cpuapr2020.html