Korean
<< Back
VID 22849
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities.

- Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. (CVE-2018-10545)

- An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. (CVE-2018-10546)

- There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. (CVE-2018-10547)

- ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service. (CVE-2018-10548)

- ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. (CVE-2018-10549)

* References :
http://www.php.net/ChangeLog-7.php#7.0.30

* Platforms Affected:
PHP Prior to 7.0.30
Any operating system Any version
Recommendation Upgrade to the latest version of PHP (7.0.30 or later), available from the PHP web site at http://www.php.net/downloads.php
Related URL CVE-2018-10545,CVE-2018-10546,CVE-2018-10547,CVE-2018-10548,CVE-2018-10549 (CVE)
Related URL 104019,104020,104022 (SecurityFocus)
Related URL (ISS)