CVE-2018-14884 - NULL Pointer Dereference vulnerability in multiple products
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |

Summary
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Php | 157 |
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: CGI abuses
- NASL id: PHP_7_2_1.NASL
- description: According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.1. It is, therefore, affected by the following vulnerabilities :
  - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the application to stop responding. (CVE-2018-5711)
  - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 105774
- published: 2018-01-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/105774
- title: PHP 7.2.x < 7.2.1 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105774);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2018-5711", "CVE-2018-5712", "CVE-2018-14884");
  script_bugtraq_id(102742, 102743, 104968);

  script_name(english:"PHP 7.2.x < 7.2.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP running on the remote web
server is 7.2.x prior to 7.2.1.
It is, therefore, affected by the following vulnerabilities :

  - A denial of service (DoS) vulnerability exists in the
    imagecreatefromgif and imagecreatefromstring functions of the
    gd_gif_in.c script within GD Graphics Library (libgd) due to an
    integer signedness error. An unauthenticated, remote attacker can
    exploit this issue, via a crafted GIF file, to cause the
    application to stop responding. (CVE-2018-5711)

  - A cross-site scripting (XSS) vulnerability exists due to improper
    validation of .phar file before returning it to users. An
    unauthenticated, remote attacker can exploit this, by convincing a
    user to click a specially crafted URL, to execute arbitrary script
    code in a user's browser session. (CVE-2018-5712)

  - A denial of service (DoS) vulnerability exists in the
    ext/standard/http_fopen_wrapper.c script due to http_header_value
    possibly being a NULL value in an atoi call. An unauthenticated,
    remote attacker can exploit this issue, via a specifically crafted
    HTTP response, to cause the application to stop responding.
    (CVE-2018-14884)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.2.1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 7.2.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5712");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");
include("http.inc");
include("webapp_func.inc");

vcf::php::initialize();

port = get_http_port(default:80, php:TRUE);

app_info = vcf::php::get_app_info(port:port);

flags = [
  { "xss" : TRUE }
];

constraints = [
  { "min_version" : "7.2.0alpha0", "fixed_version" : "7.2.1" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:flags);
```
- NASL family: CGI abuses
- NASL id: PHP_7_1_13.NASL
- description: According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities :
  - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the application to stop responding. (CVE-2018-5711)
  - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 105773
- published: 2018-01-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/105773
- title: PHP 7.1.x < 7.1.13 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105773);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2018-5711", "CVE-2018-5712", "CVE-2018-14884");
  script_bugtraq_id(102742, 102743, 104968);

  script_name(english:"PHP 7.1.x < 7.1.13 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The version of PHP running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP running on the remote web
server is 7.1.x prior to 7.1.13.
It is, therefore, affected by the following vulnerabilities :

  - A denial of service (DoS) vulnerability exists in the
    imagecreatefromgif and imagecreatefromstring functions of the
    gd_gif_in.c script within GD Graphics Library (libgd) due to an
    integer signedness error. An unauthenticated, remote attacker can
    exploit this issue, via a crafted GIF file, to cause the
    application to stop responding. (CVE-2018-5711)

  - A cross-site scripting (XSS) vulnerability exists due to improper
    validation of .phar file before returning it to users. An
    unauthenticated, remote attacker can exploit this, by convincing a
    user to click a specially crafted URL, to execute arbitrary script
    code in a user's browser session. (CVE-2018-5712)

  - A denial of service (DoS) vulnerability exists in the
    ext/standard/http_fopen_wrapper.c script due to http_header_value
    possibly being a NULL value in an atoi call. An unauthenticated,
    remote attacker can exploit this issue, via a specifically crafted
    HTTP response, to cause the application to stop responding.
    (CVE-2018-14884)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.1.13");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 7.1.13 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5712");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");
include("http.inc");
include("webapp_func.inc");

vcf::php::initialize();

port = get_http_port(default:80, php:TRUE);

app_info = vcf::php::get_app_info(port:port);

flags = [
  { "xss" : TRUE }
];

constraints = [
  { "min_version" : "7.1.0alpha0", "fixed_version" : "7.1.13" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:flags);
```
- NASL family: CGI abuses
- NASL id: PHP_7_0_27.NASL
- description: According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities :
  - A denial of service (DoS) vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gd_gif_in.c script within GD Graphics Library (libgd) due to an integer signedness error. An unauthenticated, remote attacker can exploit this issue, via a crafted GIF file, to cause the application to stop responding. (CVE-2018-5711)
  - A cross-site scripting (XSS) vulnerability exists due to improper validation of .phar file before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 105772
- published: 2018-01-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/105772
- title: PHP 7.0.x < 7.0.27 Multiple Vulnerabilities
Redhat
References
- http://php.net/ChangeLog-7.php
- https://access.redhat.com/errata/RHSA-2019:2519
- https://bugs.php.net/bug.php?id=75535
- https://security.netapp.com/advisory/ntap-20181107-0003/