Description

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

Remediation

References

CVE-2018-17082

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)

WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)

PostgreSQL Other Vulnerability (CVE-2006-5542)

Severity

Medium

Classification

CVE-2018-17082 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities