CVE-2017-11143 : In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Published 2017-07-10 14:29:01

Updated 2018-05-04 01:29:03

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2017-11143

Top countries where our scanners detected CVE-2017-11143

Top open port discovered on systems with this issue 80

IPs affected by CVE-2017-11143 231,896

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-11143!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-11143

Probability of exploitation activity in the next 30 days: 1.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-11143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-11143

CWE-416 Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Assigned by: nvd@nist.gov (Primary)
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-11143

https://www.tenable.com/security/tns-2017-12

[R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®

CVEs referencing this url
http://openwall.com/lists/oss-security/2017/07/10/6

oss-security - Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20)
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:1296

RHSA-2018:1296 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugs.php.net/bug.php?id=74145

PHP :: Sec Bug #74145 :: wddx parsing empty boolean tag leads to SIGSEGV
Issue Tracking;Patch;Vendor Advisory
http://www.securityfocus.com/bid/99553

PHP CVE-2017-11143 Denial of Service Vulnerability
https://security.netapp.com/advisory/ntap-20180112-0001/

September 2017 PHP Vulnerabilities in NetApp Products | NetApp Product Security

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4081

Debian -- Security Information -- DSA-4081-1 php5

CVEs referencing this url
http://php.net/ChangeLog-5.php

PHP: PHP 5 ChangeLog
Release Notes;Vendor Advisory

CVEs referencing this url
https://git.php.net/?p=php-src.git;a=commit;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7

208.43.231.11 Git - php-src.git/commit
Issue Tracking;Patch;Third Party Advisory

Products affected by CVE-2017-11143