CVE-2018-5712

Published: 16 January 2018

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: php5
  Upstream: Released (5.6.33)
  Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Released (5.5.9+dfsg-1ubuntu4.23)
  Patches:
    Upstream: http://git.php.net/?p=php-src.git;a=commit;h=73ca9b37731dd9690ffd9706333b17eaf90ea091

Package: php7.0
  Upstream: Released (7.0.27)
  Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus): Released (7.0.28-0ubuntu0.16.04.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: php7.1
  Upstream: Released (7.1.13)
  Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: php7.2
  Upstream: Released (7.2.1)
  Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (7.2.2-1ubuntu2)
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist