HTTP: PHP phar 404 page Reflected Cross-Site Scripting

This signature detects attempts to exploit an XSS vulnerability in PHP. An attack that gets a user to open a maliciously crafted link or file could lead to arbitrary code execution by the target user's browser.

Extended Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Affected Products

Php php

Short Name
HTTP:XSS:PHP-PHAR-404
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
404 CVE-2018-5712 Cross-Site PHP Reflected Scripting bid:102742 page phar
Release Date
04/24/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Php

Debian

Canonical

CVSS Score

4.3
