Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name: CVE-2018-10547
First vendor Publication: 2018-04-29
Vendor: Cve
Last vendor Modification: 2019-03-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Application | | 791
Os | | 5
Os | | 3

Snort® IPS/IDS

Date | Description
2018-06-26 | PHP .phar cross site scripting attempt
RuleID : 46808 - Revision : 2 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date | Description
2019-01-03 | Name : The remote Fedora host is missing a security update.
File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO
2018-07-06 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO
2018-06-27 | Name : The remote Debian host is missing a security update.
File : debian_DLA-1397.nasl - Type : ACT_GATHER_INFO
2018-05-17 | Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-136-02.nasl - Type : ACT_GATHER_INFO
2018-05-11 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1019.nasl - Type : ACT_GATHER_INFO
2018-05-10 | Name : The remote Debian host is missing a security update.
File : debian_DLA-1373.nasl - Type : ACT_GATHER_INFO
2018-05-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2018-04f6056c42.nasl - Type : ACT_GATHER_INFO
2018-05-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2018-6071a600e8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source | Url
CONFIRM | http://php.net/ChangeLog-5.php
CONFIRM | http://php.net/ChangeLog-7.php
CONFIRM | https://bugs.php.net/bug.php?id=76129
CONFIRM | https://security.netapp.com/advisory/ntap-20180607-0003/
CONFIRM | https://www.tenable.com/security/tns-2018-12
DEBIAN | https://www.debian.org/security/2018/dsa-4240
MLIST | https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
MLIST | https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
SECTRACK | http://www.securitytracker.com/id/1040807
UBUNTU | https://usn.ubuntu.com/3646-1/
UBUNTU | https://usn.ubuntu.com/3646-2/

Alert History

Date | Information
2019-06-08 12:10:04 | Multiple Updates
2019-03-15 21:19:18 | Multiple Updates
2018-10-02 12:13:07 | Multiple Updates
2018-09-19 17:19:51 | Multiple Updates
2018-07-09 05:18:01 | Multiple Updates
2018-06-28 09:19:11 | Multiple Updates
2018-06-09 09:19:08 | Multiple Updates
2018-06-06 00:19:31 | Multiple Updates
2018-05-18 09:19:26 | Multiple Updates
2018-05-16 09:19:32 | Multiple Updates
2018-05-11 09:19:11 | Multiple Updates
2018-05-03 09:19:30 | Multiple Updates
2018-04-30 00:19:45 | First insertion