Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-7071
HistoryFeb 15, 2021 - 4:15 a.m.

CVE-2020-7071

2021-02-1504:15:12
CWE-20
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

Affected configurations

NVD
Node
phpphpRange7.3.07.3.26
OR
phpphpRange7.4.07.4.14
OR
phpphpRange8.0.08.0.1
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
netappclustered_data_ontapMatch-

Related

fedora 2
nessus 35
osv 8
openvas 21
cve 1
veracode 1
alpinelinux 1
cbl_mariner 1
archlinux 3
ubuntucve 1
suse 2
mageia 1
cvelist 1
debiancve 1
redhatcve 1
prion 1
gentoo 1
debian 2
oraclelinux 1
almalinux 1
ubuntu 2
rocky 1
redhat 2
oracle 1
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33
2021-01-14 01:40:08
[SECURITY] Fedora 32 Update: php-7.4.14-1.fc32
2021-01-16 01:23:34
nessus
nessus
PHP 7.3.x < 7.3.26 / 7.4.x < 7.4.14 / 8.x < 8.0.1 Input Validation Error
2021-01-14 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)
2021-01-15 00:00:00
Fedora 33 : php (2021-8dac5c39f3)
2021-01-14 00:00:00
osv
osv
CVE-2020-7071
2021-02-15 04:15:12
BIT-php-2020-7071
2024-03-06 11:05:46
php5, php7.0 vulnerabilities
2021-07-13 12:01:13
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:0125-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for php7 (openSUSE-SU-2021:0106-1)
2021-04-16 00:00:00
PHP < 7.3.26, 7.4.x < 7.4.14, 8.0.x < 8.0.1 Filter Vulnerability (Jan 2021) - Windows
2021-01-11 00:00:00
cve
cve
CVE-2020-7071
2021-02-15 04:15:12
veracode
veracode
Privilege Escalation
2021-01-07 17:05:16
alpinelinux
alpinelinux
CVE-2020-7071
2021-02-15 04:15:12
cbl_mariner
cbl_mariner
CVE-2020-7071 affecting package php 7.4.14-3
2024-06-26 03:08:30
archlinux
archlinux
[ASA-202101-9] php: insufficient validation
2021-01-12 00:00:00
[ASA-202107-15] php: multiple issues
2021-07-06 00:00:00
[ASA-202107-16] php7: multiple issues
2021-07-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-7071
2021-02-15 00:00:00
suse
suse
Security update for php7 (moderate)
2021-01-18 00:00:00
Security update for php7 (moderate)
2021-01-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2021-01-14 18:13:25
cvelist
cvelist
CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
2021-01-04 00:00:00
debiancve
debiancve
CVE-2020-7071
2021-02-15 04:15:12
redhatcve
redhatcve
CVE-2020-7071
2021-01-07 17:44:44
prion
prion
Design/Logic Flaw
2021-02-15 04:15:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2021-05-26 00:00:00
debian
debian
[SECURITY] [DLA 2708-1] php7.0 security update
2021-07-15 13:01:58
[SECURITY] [DSA 4856-1] php7.3 security update
2021-02-17 22:08:33
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
ubuntu
ubuntu
PHP vulnerabilities
2021-07-13 00:00:00
PHP vulnerabilities
2021-07-07 00:00:00
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
redhat
redhat
(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
(RHSA-2021:2992) Moderate: rh-php73-php security, bug fix, and enhancement update
2021-08-03 08:11:09
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON
Related for NVD:CVE-2020-7071
fedora2nessus35osv8openvas21cve1veracode1alpinelinux1cbl_mariner1archlinux3ubuntucve1suse2mageia1cvelist1debiancve1redhatcve1prion1gentoo1debian2oraclelinux1almalinux1ubuntu2rocky1redhat2oracle1