mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
260 lines
8.3 KiB
JSON
260 lines
8.3 KiB
JSON
{
|
|
"id": "CVE-2017-11142",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2017-07-10T14:29:00.557",
|
|
"lastModified": "2018-01-14T02:29:01.150",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En PHP anterior a versi\u00f3n 5.6.31, versi\u00f3n 7.x anterior a 7.0.17 y versi\u00f3n 7.1.x anterior a 7.1.3, los atacantes remotos podr\u00edan causar un ataque de denegaci\u00f3n de servicio de consumo de CPU mediante la inyecci\u00f3n de variables de formulario largo, relacionadas con el archivo main/php_variables.c."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 7.8
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-400"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.6.30",
|
|
"matchCriteriaId": "399EA21A-9B46-4F4F-9A33-4DC557B11743"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "35848414-BD5D-4164-84DC-61ABBB1C4152"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2B1F8402-8551-4F66-A9A7-81D472AB058E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7A773E8E-48CD-4D35-A0FD-629BD9334486"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC492340-79AF-4676-A161-079A97EC6F0C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1C2D8FE-C380-4B43-B634-A3DBA4700A71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3EB58393-0C10-413C-8D95-6BAA8BC19A1B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "751F51CA-9D88-4971-A6EC-8C0B72E8E22B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "37B74118-8FC2-44CB-9673-A83DF777B2E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4D56A200-1477-40DA-9444-CFC946157C69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FD0D1CCC-A857-4C15-899E-08F9255CEE34"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6745CC43-2836-4CD8-848F-EEA08AE9D5AC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BEB6696-14F9-4D9B-9974-B682FFBB828E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04146390-021D-4147-9830-9EAA90D120A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B124547-DC1D-4A92-B8AB-8A1900063786"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F45B2127-CF3D-4D59-9042-AE6DF2908319"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C68AA43-ED90-4B98-A5F8-4E210C2CC7CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2466D297-9442-40B0-A1A7-F9D166396CF8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EADBF7EE-18DC-49F9-BF2F-A09BBAE76F45"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2017/07/10/6",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Mailing List"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://php.net/ChangeLog-5.php",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://php.net/ChangeLog-7.php",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/99601",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://bugs.php.net/bug.php?id=73807",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.debian.org/security/2018/dsa-4081",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.tenable.com/security/tns-2017-12",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |