Home CVE Database CVE-2018-17082

CVE-2018-17082

Description

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a Transfer-Encoding: chunked request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

Priority: MEDIUM
CVSS v3: 6.1
Publish Date: Sep 16, 2018
Related ID: --
CVSS v2: MEDIUM
Modified Date: Sep 16, 2018

Find out more about CVE-2018-17082 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online