Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2020-7071
HistoryFeb 15, 2021 - 4:15 a.m.

CVE-2020-7071

2021-02-1504:15:00
Debian Security Bug Tracker
security-tracker.debian.org
7

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

OSVersionArchitecturePackageVersionFilename
Debian10allphp7.3< 7.3.27-1~deb10u1php7.3_7.3.27-1~deb10u1_all.deb
Debian11allphp7.4< 7.4.14-1php7.4_7.4.14-1_all.deb

Related

nessus 31
archlinux 3
openvas 21
fedora 2
suse 2
mageia 1
ubuntucve 1
veracode 1
alpinelinux 1
cbl_mariner 1
cve 1
osv 8
prion 1
redhatcve 1
gentoo 1
ubuntu 2
redhat 2
rocky 1
debian 2
oraclelinux 1
almalinux 1
oracle 1
nessus
nessus
openSUSE Security Update : php7 (openSUSE-2021-106)
2021-01-25 00:00:00
Fedora 32 : php (2021-ca0e53d310)
2021-01-20 00:00:00
openSUSE Security Update : php7 (openSUSE-2021-101)
2021-01-25 00:00:00
archlinux
archlinux
[ASA-202101-9] php: insufficient validation
2021-01-12 00:00:00
[ASA-202107-16] php7: multiple issues
2021-07-06 00:00:00
[ASA-202107-15] php: multiple issues
2021-07-06 00:00:00
openvas
openvas
PHP < 7.3.26, 7.4.x < 7.4.14, 8.0.x < 8.0.1 Filter Vulnerability (Jan 2021) - Linux
2021-01-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0126-1)
2021-06-09 00:00:00
Fedora: Security Advisory for php (FEDORA-2021-ca0e53d310)
2021-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: php-7.4.14-1.fc32
2021-01-16 01:23:34
[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33
2021-01-14 01:40:08
suse
suse
Security update for php7 (moderate)
2021-01-18 00:00:00
Security update for php7 (moderate)
2021-01-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2021-01-14 18:13:25
ubuntucve
ubuntucve
CVE-2020-7071
2021-02-15 00:00:00
veracode
veracode
Privilege Escalation
2021-01-07 17:05:16
alpinelinux
alpinelinux
CVE-2020-7071
2021-02-15 04:15:00
cbl_mariner
cbl_mariner
CVE-2020-7071 affecting package php 7.4.14-3
2024-04-28 09:06:19
cve
cve
CVE-2020-7071
2021-02-15 04:15:00
osv
osv
CVE-2020-7071
2021-02-15 04:15:12
BIT-php-2020-7071
2024-03-06 11:05:46
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
prion
prion
Design/Logic Flaw
2021-02-15 04:15:00
redhatcve
redhatcve
CVE-2020-7071
2021-01-07 17:44:44
gentoo
gentoo
PHP: Multiple vulnerabilities
2021-05-26 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2021-07-13 00:00:00
PHP vulnerabilities
2021-07-07 00:00:00
redhat
redhat
(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
(RHSA-2021:2992) Moderate: rh-php73-php security, bug fix, and enhancement update
2021-08-03 08:11:09
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
debian
debian
[SECURITY] [DLA 2708-1] php7.0 security update
2021-07-15 13:01:58
[SECURITY] [DSA 4856-1] php7.3 security update
2021-02-17 22:08:33
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON
Related for DEBIANCVE:CVE-2020-7071
nessus31archlinux3openvas21fedora2suse2mageia1ubuntucve1veracode1alpinelinux1cbl_mariner1cve1osv8prion1redhatcve1gentoo1ubuntu2redhat2rocky1debian2oraclelinux1almalinux1oracle1