Executive Summary

Information
Name : CVE-2017-11628
First vendor Publication : 2017-07-25
Vendor : Cve
Last vendor Modification : 2018-05-03

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-119
Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Application
Count : 693

Nessus® Vulnerability Scanner

Date : 2018-07-06 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO
Date : 2018-05-24 - Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL75543432.nasl - Type : ACT_GATHER_INFO
Date : 2018-01-09 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4080.nasl - Type : ACT_GATHER_INFO
Date : 2018-01-09 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4081.nasl - Type : ACT_GATHER_INFO
Date : 2017-09-25 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201709-21.nasl - Type : ACT_GATHER_INFO
Date : 2017-09-19 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2522-1.nasl - Type : ACT_GATHER_INFO
Date : 2017-09-06 - Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1010.nasl - Type : ACT_GATHER_INFO
Date : 2017-09-05 - Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-994.nasl - Type : ACT_GATHER_INFO
Date : 2017-08-28 - Name : The remote Debian host is missing a security update.
File : debian_DLA-1066.nasl - Type : ACT_GATHER_INFO
Date : 2017-08-11 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3382-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/99489
CONFIRM : https://security.netapp.com/advisory/ntap-20180112-0001/
DEBIAN : https://www.debian.org/security/2018/dsa-4080
DEBIAN : https://www.debian.org/security/2018/dsa-4081
GENTOO : https://security.gentoo.org/glsa/201709-21
MISC : http://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac...
MISC : http://git.php.net/?p=php-src.git;a=commit;h=5f8380d33e648964d2d5140f329cf2d4...
MISC : https://bugs.php.net/bug.php?id=74603
REDHAT : https://access.redhat.com/errata/RHSA-2018:1296

Alert History

Date - Information
2019-06-08 12:08:46
  • Multiple Updates
2018-10-03 12:06:56
  • Multiple Updates
2018-05-04 09:19:04
  • Multiple Updates
2018-03-12 12:02:25
  • Multiple Updates
2018-01-14 09:21:58
  • Multiple Updates
2018-01-10 13:23:34
  • Multiple Updates
2017-09-26 13:24:57
  • Multiple Updates
2017-09-26 09:24:07
  • Multiple Updates
2017-09-20 13:25:52
  • Multiple Updates
2017-09-08 12:06:30
  • Multiple Updates
2017-09-07 13:24:45
  • Multiple Updates
2017-09-06 13:25:19
  • Multiple Updates
2017-08-29 13:25:31
  • Multiple Updates
2017-08-12 13:24:55
  • Multiple Updates
2017-08-10 17:23:11
  • Multiple Updates
2017-07-28 09:22:35
  • Multiple Updates
2017-07-26 05:22:17
  • First insertion