Multiple vulnerabilities in PHP

Published: 2018-02-07

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2018-5712 CVE-2018-5711
CWE-ID	CWE-79 CWE-835
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	PHP Universal components / Libraries / Scripting languages
Vendor	PHP Group

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Reflected cross-site scripting

EUVDB-ID: #VU10389

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5712

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists on the PHAR 404 error page due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Update to version 7.2.5.

Vulnerable software versions

PHP: 5.6.0 - 7.2.0

CPE2.3

External links

https://bugs.php.net/bug.php?id=74782

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU10390

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5711

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The disclosed vulnerability allows a local unauthenticated attacker to cause DoS condition.

The vulnerability exists in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.

Mitigation

The vulnerability is addressed in the following versions: 5.6.33, 7.0.27, 7.1.13, and 7.2.1.

Vulnerable software versions

PHP: 5.6.0 - 7.2.0

CPE2.3

External links

https://bugs.php.net/bug.php?id=74782

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.