admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-111xx/CVE-2017-11143.json

157 lines
4.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2017-11143",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-07-10T14:29:00.587",
"lastModified": "2018-05-04T01:29:02.550",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c."
},
{
"lang": "es",
"value": "En PHP anterior a versi\u00f3n 5.6.31, una liberaci\u00f3n no v\u00e1lida en la deserializaci\u00f3n WDDX de par\u00e1metros booleanos podr\u00eda ser utilizada por atacantes capaces de inyectar XML para la deserializaci\u00f3n en el bloqueo del int\u00e9rprete PHP, relacionado con una liberaci\u00f3n no v\u00e1lida para un elemento booleano vac\u00edo en el archivo ext/wddx/wddx.c."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.6.30",
"matchCriteriaId": "399EA21A-9B46-4F4F-9A33-4DC557B11743"
}
]
}
]
}
],
"references": [
{
"url": "http://openwall.com/lists/oss-security/2017/07/10/6",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://php.net/ChangeLog-5.php",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/99553",
"source": "cve@mitre.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1296",
"source": "cve@mitre.org"
},
{
"url": "https://bugs.php.net/bug.php?id=74145",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://git.php.net/?p=php-src.git;a=commit;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2018/dsa-4081",
"source": "cve@mitre.org"
},
{
"url": "https://www.tenable.com/security/tns-2017-12",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue Copy Permalink