A flaw was found in php when creating a .phar file and configuring apache to handle phar files using php, when accessing invalid page the page name is reflected back to the user in the 404 response. This user input is not being sanitized and therefore it is vulnerable to a reflected XSS. Making, every site configured to run .phar files using php vulnerable. References: https://bugs.php.net/bug.php?id=74782 https://bugs.php.net/bug.php?id=74782 Patch: https://gist.github.com/anonymous/70d2f6bac8db576d6386bd79c1e6e081
Wrong patch link on #c0, the correct one is: http://git.php.net/?p=php-src.git;a=commit;h=4e3f55c36272a5f29b50e1924b78e9db1b23f214
Created php tracking bugs for this issue: Affects: fedora-all [bug 1535684]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1112 https://access.redhat.com/errata/RHSA-2020:1112