id: CVE-2018-17082

info:
  name: Apache2 - Transfer-Encoding Chunked XSS
  author: DhiyaneshDK
  severity: medium
  description: |
    Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapi_apache2.c. Attackers can execute malicious scripts via crafted requests by sending a specially crafted chunked request.
  impact: |
    Attackers can execute malicious scripts in the context of the affected server, leading to potential session hijacking or data theft.
  remediation: |
    Update to PHP 5.6.38, 7.0.32, 7.1.22, or 7.2.10 or later versions.
  reference:
    - https://bugs.php.net/bug.php?id=76582
    - https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
    - https://nvd.nist.gov/vuln/detail/CVE-2018-17082
    - https://security.gentoo.org/glsa/201812-01
    - https://github.com/ockeghem/web-sec-study/blob/master/why-CVE-2018-17082-is-not-XSS/README.md
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-17082
    cwe-id: CWE-79
    epss-score: 0.04436
    epss-percentile: 0.89233
    cpe: cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 1
    vendor: php
    product: php
  tags: cve,cve2018,php,apache,xss,chunked

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Transfer-Encoding: chunked

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Bad Request"

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 400
# digest: 4b0a0048304602210098460b3067ff4b53339b82fd1e164d43f8d5502023503aa79f19e1f0d8a51b74022100f54943f4676565caa3592d5964bd05cf2a2ec9c8ffa750ffcad485604595ad62:922c64590222798bb761d5b6d8e72950