New Apache PHP XSS Bug Displays Modified HTTP Request Text to Users

Ryan Seguin

A researcher has discovered a cross-site scripting vulnerability caused by mishandling of a PHP header in Apache version 2.x. Upgrade PHP and review privileges for applications and services using it.

Background

Researcher Prashanth Varma posted PHP Bug #76582 for Apache version 2.x that details a cross-site scripting (XSS) bug which could allow an unauthenticated attacker to send a malicious POST request that echoes the embedded script in the body of the response. The Center for Internet Security (CIS) issued an advisory stating that PHP versions 7.2 (prior to 7.2.10), 7.1 (prior to 7.1.22), 7.0 (prior to 7.0.32) and 5.6 (prior to 5.6.38) are all vulnerable. This vulnerability has been assigned CVE-2018-17082.

Vulnerability details

Apache mishandles the “Transfer-Encoding: chunked” PHP header that normally sends data chunks to another host in a transfer request. When exploited, it displays text in an error window in the active browser session. The exploit requires a locally run script, but does not require user interaction or authentication to run. The attacker could include a malicious link in these error messages, opening the user up to further attack if clicked.

As with any XSS attack, unsanitized text could allow for arbitrary code execution beyond a simple error message. No instances of more sophisticated attacks have been seen at the time of this writing, but as time progresses, additional attacks could use this exploit as a vector.

Urgently required actions

Upgrade PHP to the latest version to ensure that assets have the latest security patches. We also recommend reviewing privileges and asset access of any apps or services that utilize PHP in order to understand what targets are at risk. And, as always, reinforce security awareness with users, so they know the risks of clicking on links in error messages. Clicking on new messages from trusted sites can be just as dangerous as clicking on messages from untrusted sources.

Identifying affected systems

Tenable has released the following plugins to scan for this vulnerability. Please note that our plugins look for the affected PHP versions without regards to the target’s platform in order to err on the side of caution. Even though this vulnerability only appears to affect Apache at this time, we recommend upgrading PHP to the latest version, even for users using other platforms that utilize PHP, in order to ensure maximum risk reduction.

Plugin ID

Description

117497

PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability

117498

PHP 7.0.x < 7.0.32 Transfer-Encoding Parameter XSS Vulnerability

117499

PHP 7.1.x < 7.1.22 Transfer-Encoding Parameter XSS Vulnerability

117500

PHP 7.2.x < 7.2.10 Transfer-Encoding Parameter XSS Vulnerability



Get more information

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Sep 14, 2018

People also viewed

Channel Sales Engineer

Santiago Santiago Chile Santiago, Chile Sales Engineering Sales
Your Role:The Channel Sales Engineer will support and will be working with production, engineering, and research and development, as well as external sales firms to determine how Tenable products and services could be designed or modified to best ...

Engineering Manager - UI

Los Angeles California United States West Jefferson Boulevard, Playa Vista, Los Angeles, California, United States, 90066 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

San Jose California United States E Santa Clara St., San Jose, California, United States, 95113 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Commercial Territory Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Sales Sales
Your Role:The Commercial Territory Manager will meet and exceed quarterly sales quota by developing new opportunities within specific geographical territory.  Researching and identifying potential accounts; outbound cold calling to soliciting new ...

Recruiter - UK

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Human Resources Human Resources
Your Role:Tenable is seeking a talented Recruiter who will source, screen and ultimately close exceptional sales, marketing and professional services talent. You’ll partner with Tenable’s Sales leadership to create and maintain a talent pipeline, ...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.