CVE-2017-11145
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-11145
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 5.6.31之前的版本、7.0.21之前的7.x版本和7.1.7之前的7.1.x版本中存在安全漏洞,该漏洞源于数据扩展的‘timelib_meridian’函数解析代码缺少边界检测。攻击者可利用该漏洞从解释器中获取信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-11145
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-11145
请登录查看更多情报信息。
- http://openwall.com/lists/oss-security/2017/07/10/6x_refsource_CONFIRM
- https://bugs.php.net/bug.php?id=74819x_refsource_CONFIRM
- http://php.net/ChangeLog-5.phpx_refsource_CONFIRM
- https://security.netapp.com/advisory/ntap-20180112-0001/x_refsource_CONFIRM
- http://php.net/ChangeLog-7.phpx_refsource_CONFIRM
- https://www.tenable.com/security/tns-2017-12x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-11145
Same Patch Batch · n/a · 2017-07-10 · 26 CVEs total
| CVE-2017-11166 | ImageMagick 安全漏洞 | |
| CVE-2017-8032 | 多款Pivotal产品权限许可和访问控制问题漏洞 | |
| CVE-2017-6735 | Cisco FireSIGHT System Software 安全漏洞 | |
| CVE-2017-6734 | Cisco Identity Services Engine Software 跨站脚本漏洞 | |
| CVE-2017-6733 | Cisco Identity Services Engine 跨站脚本漏洞 | |
| CVE-2017-6732 | Cisco Prime Network Software installation procedure 权限许可和访问控制问题漏洞 | |
| CVE-2017-6731 | Cisco IOS XR Software 安全漏洞 | |
| CVE-2017-6730 | Cisco Wide Area Application Services 信息泄露漏洞 | |
| CVE-2017-6729 | Cisco ASR 5000 Series Routers和Cisco Virtualized Packet Core Software 安全漏洞 | |
| CVE-2017-6728 | Cisco IOS XR Software 权限许可和访问控制问题漏洞 | |
| CVE-2017-6727 | Cisco Wide Area Application Services 安全漏洞 | |
| CVE-2017-6726 | Cisco Prime Network Gateway CLI 信息泄露漏洞 | |
| CVE-2017-7175 | NfSen 安全漏洞 | |
| CVE-2017-11124 | xar 安全漏洞 | |
| CVE-2017-11163 | Cacti 跨站脚本漏洞 | |
| CVE-2017-11147 | PHP 安全漏洞 | |
| CVE-2017-11144 | PHP 安全漏洞 | |
| CVE-2017-11143 | PHP 安全漏洞 | |
| CVE-2017-11142 | PHP 安全漏洞 | |
| CVE-2016-10397 | PHP 安全漏洞 |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2017-11145
No comments yet