CVE-2018-17082

Public on 2018-10-17
Modified on 2018-10-18
Description
A cross-site scripting (XSS) vulnerability in Apache2 component of PHP was found. When using 'Transfer-Encoding: chunked', the request allows remote attackers to potentially run a malicious script in a victim's browser. This vulnerability can be exploited only by producing malformed requests and it's believed it's unlikely to be used in practical cross-site scripting attack.
Severity
Medium
CVSS v3 Base Score
4.7
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 php56 2018-10-17 21:56 ALAS-2018-1090
Amazon Linux 1 php71 2018-10-17 21:56 ALAS-2018-1090
Amazon Linux 1 php70 2018-10-17 21:56 ALAS-2018-1090
Amazon Linux 1 php72 2018-10-17 21:56 ALAS-2018-1090

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv3 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N