NVD Vulnerability Detail

CVE-2017-11142

Summary	In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
Publication Date	July 10, 2017, 11:29 p.m.
Registration Date	Jan. 26, 2021, 1:12 p.m.
Last Update	Nov. 21, 2024, 12:07 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://openwall.com/lists/oss-security/2017/07/10/6	Mailing List
2	http://openwall.com/lists/oss-security/2017/07/10/6	Mailing List
3	http://php.net/ChangeLog-5.php	Release Notes Vendor Advisory
4	http://php.net/ChangeLog-5.php	Release Notes Vendor Advisory
5	http://php.net/ChangeLog-7.php	Release Notes Vendor Advisory
6	http://php.net/ChangeLog-7.php	Release Notes Vendor Advisory
7	http://www.securityfocus.com/bid/99601
8	http://www.securityfocus.com/bid/99601
9	https://bugs.php.net/bug.php?id=73807	Vendor Advisory
10	https://bugs.php.net/bug.php?id=73807	Vendor Advisory
11	https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3	Patch Third Party Advisory
12	https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3	Patch Third Party Advisory
13	https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3	Patch Third Party Advisory
14	https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3	Patch Third Party Advisory
15	https://security.netapp.com/advisory/ntap-20180112-0001/
16	https://security.netapp.com/advisory/ntap-20180112-0001/
17	https://www.debian.org/security/2018/dsa-4081
18	https://www.debian.org/security/2018/dsa-4081
19	https://www.tenable.com/security/tns-2017-12
20	https://www.tenable.com/security/tns-2017-12

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html

JVN Vulnerability Information

PHP におけるリソースの枯渇に関する脆弱性

Title	PHP におけるリソースの枯渇に関する脆弱性
Summary	PHP には、リソースの枯渇に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 16, 2017, midnight
Registration Date	Aug. 3, 2017, 11:09 a.m.
Last Update	Aug. 3, 2017, 11:09 a.m.

Affected System

The PHP Group

PHP 5.6.31 未満

PHP 7.0.17 未満の 7.x

PHP 7.1.3 未満の 7.1.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-11142	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142
National Vulnerability Database (NVD)
2	CVE-2017-11142	https://nvd.nist.gov/vuln/detail/CVE-2017-11142

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-400	https://cwe.mitre.org/data/definitions/400.html

ベンダー情報

No	Name	URL
GitHub
1	Fix bug #73807 (0f8cf3b)	https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
2	Fix bug #73807 (a15bffd)	https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
PHP Bugs
3	Sec Bug #73807	https://bugs.php.net/bug.php?id=73807
The PHP Group
4	PHP 5 ChangeLog	http://php.net/ChangeLog-5.php
5	PHP 7 ChangeLog	http://php.net/ChangeLog-7.php

その他

No	Name	URL
関連文書
1	Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20)	http://openwall.com/lists/oss-security/2017/07/10/6

Change Log

No	Changed Details	Date of change
0	[2017年08月03日] 掲載	Feb. 17, 2018, 10:37 a.m.