CVE-2020-7070

Exploit

EPSS 26.09%
Published 02.10.2020 15:15:12
Last modified 21.11.2024 05:36:37
Source security@php.net
Teams watchlist Login
Open Login

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

Affected products Warnungen 0 Metrics 4 CWE 2 References 18

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version >= 7.2.0 < 7.2.34

Php ≫ Php Version >= 7.3.0 < 7.3.23

Php ≫ Php Version >= 7.4.0 < 7.4.11

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Netapp ≫ Clustered Data Ontap Version-

Tenable ≫ Tenable.Sc Version < 5.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	26.09%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
security@php.net	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

Not Applicable

https://www.tenable.com/security/tns-2021-14

Third Party Advisory

https://hackerone.com/reports/895727

Third Party Advisory

Exploit

https://www.debian.org/security/2021/dsa-4856

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html

Third Party Advisory