Vulnerability Description
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openwhisk | < 1.0.1 |
| Php | Php | 7.2.0 |
References
- http://www.securityfocus.com/bid/104915Third Party AdvisoryVDB Entry
- https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ePatchThird Party Advisory
- https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32e
- https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.MitigationTechnical DescriptionThird Party Advisory
- http://www.securityfocus.com/bid/104915Third Party AdvisoryVDB Entry
- https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ePatchThird Party Advisory
- https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32e
FAQ
What is CVE-2018-11756?
CVE-2018-11756 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace ...
How severe is CVE-2018-11756?
CVE-2018-11756 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11756?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openwhisk, Php Php.