Updated: 2024-11-30 02:33:52.433516
Description:
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 6.1000000000000005 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 5.2 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:48 | ||
| EL 6 PHP | php | 5.3 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:48 | ||
| EL 6 PHP | php | 7.2 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:48 | ||
| EL 6 PHP | php | 8.0 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:43 | ||
| EL 6 PHP | php | 7.1 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:38 | ||
| EL 6 PHP | php | 5.6 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:39 | ||
| EL 6 PHP | php | 7.0 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:39 | ||
| EL 6 PHP | php | 8.1 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:38 | ||
| EL 6 PHP | php | 8.2 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:42 | ||
| EL 6 PHP | php | 5.5 | 6.1 | MEDIUM | Ignored | 2024-05-14 17:19:43 |