Test ID:	1.3.6.1.4.1.25623.1.0.814021
Category:	Web application abuses
Title:	PHP 'Transfer-Encoding: chunked' XSS Vulnerability - Active Check
Summary:	PHP is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: PHP is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to the bucket brigade is mishandled in the php_handler function in 'sapi/apache2handler/sapi_apache2.c' script. Vulnerability Impact: Successful exploitation allows a remote attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Affected Software/OS: 'sapi/apache2handler/sapi_apache2.c' component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10. Solution: Update to PHP 5.6.38, 7.2.10, 7.1.22 or later. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-17082 Debian Security Information: DSA-4353 (Google Search) https://www.debian.org/security/2018/dsa-4353 https://security.gentoo.org/glsa/201812-01 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php https://bugs.php.net/bug.php?id=76582 https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html RedHat Security Advisories: RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.