Vulnerability Name:

CVE-2017-9841

Assigned:2017-06-24
Published:2017-06-27
Updated:2017-11-16
Summary:Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVSS v3 Severity:9.8 Critical (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
References:Source: MISC
Type: VENDOR_ADVISORY
http://phpunit.vulnbusters.com/

Source: BID
Type: UNKNOWN
101798

Source: SECTRACK
Type: UNKNOWN
1039812

Source: XF
Type: UNKNOWN
phpunit-cve20179841-code-exec(127819)

Source: MISC
Type: VENDOR_ADVISORY
https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5

Source: MISC
Type: VENDOR_ADVISORY
https://github.com/sebastianbergmann/phpunit/pull/1956

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpunit_project:phpunit:4.8.27:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpunit_project:phpunit:5.6.2:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.xenial:def:20179841000
    V
    CVE-2017-9841 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-06-27
    oval:com.ubuntu.trusty:def:20179841000
    V
    CVE-2017-9841 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-06-27
    BACK
    phpunit_project phpunit 4.8.27
    phpunit_project phpunit 5.0.0
    phpunit_project phpunit 5.0.1
    phpunit_project phpunit 5.0.2
    phpunit_project phpunit 5.0.3
    phpunit_project phpunit 5.0.4
    phpunit_project phpunit 5.0.5
    phpunit_project phpunit 5.0.6
    phpunit_project phpunit 5.0.7
    phpunit_project phpunit 5.0.8
    phpunit_project phpunit 5.0.9
    phpunit_project phpunit 5.0.10
    phpunit_project phpunit 5.1.0
    phpunit_project phpunit 5.1.2
    phpunit_project phpunit 5.1.3
    phpunit_project phpunit 5.1.4
    phpunit_project phpunit 5.1.5
    phpunit_project phpunit 5.1.6
    phpunit_project phpunit 5.1.7
    phpunit_project phpunit 5.2.0
    phpunit_project phpunit 5.2.1
    phpunit_project phpunit 5.2.3
    phpunit_project phpunit 5.2.4
    phpunit_project phpunit 5.2.5
    phpunit_project phpunit 5.2.6
    phpunit_project phpunit 5.2.7
    phpunit_project phpunit 5.2.8
    phpunit_project phpunit 5.2.9
    phpunit_project phpunit 5.2.10
    phpunit_project phpunit 5.2.11
    phpunit_project phpunit 5.2.12
    phpunit_project phpunit 5.3.0
    phpunit_project phpunit 5.3.1
    phpunit_project phpunit 5.3.2
    phpunit_project phpunit 5.3.3
    phpunit_project phpunit 5.3.4
    phpunit_project phpunit 5.3.5
    phpunit_project phpunit 5.4.0
    phpunit_project phpunit 5.4.1
    phpunit_project phpunit 5.4.2
    phpunit_project phpunit 5.4.3
    phpunit_project phpunit 5.4.4
    phpunit_project phpunit 5.4.5
    phpunit_project phpunit 5.4.6
    phpunit_project phpunit 5.4.7
    phpunit_project phpunit 5.4.8
    phpunit_project phpunit 5.5.0
    phpunit_project phpunit 5.5.1
    phpunit_project phpunit 5.5.2
    phpunit_project phpunit 5.5.3
    phpunit_project phpunit 5.5.4
    phpunit_project phpunit 5.5.5
    phpunit_project phpunit 5.5.6
    phpunit_project phpunit 5.5.7
    phpunit_project phpunit 5.6.0
    phpunit_project phpunit 5.6.1
    phpunit_project phpunit 5.6.2