Lucene search
K

36 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when PHP processes incoming HTTP cookie values, the cookie names are url-decoded. This may result in cookies with prefixes like Host being confused with cookies that are decoded with such prefixes. As a consequence,...

5.3CVSS6.6AI score0.05029EPSS
Exploits1References2
OSV
OSV
added 2025/01/14 7:23 p.m.15 views

BIT-PHP-MIN-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

7.5CVSS6.7AI score0.05029EPSS
Exploits2References16
OSV
OSV
added 2024/03/06 11:5 a.m.42 views

BIT-PHP-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

7.5CVSS6.7AI score0.05029EPSS
Exploits2References16
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.44 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Rack vulnerabilities (USN-5253-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5253-1 advisory. It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to...

10CVSS7.7AI score0.03687EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2023/01/31 12:0 a.m.22 views

Debian: Security Advisory (DLA-3298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS6.7AI score0.03593EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/31 12:0 a.m.35 views

Debian dla-3298 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3298 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3298-1 [email protected]...

8.6CVSS6.7AI score0.03593EPSS
Exploits1References12
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-5253-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.03687EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2022/12/13 11:33 a.m.116 views

USN-5253-1: Rack vulnerabilities

It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. CVE-2019-16782 It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...

10CVSS7.7AI score0.03687EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/09/24 12:0 a.m.25 views

openSUSE: Security Advisory for rubygem-rack (SUSE-SU-2022:3347-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS7.2AI score0.03593EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/09/24 12:0 a.m.43 views

SUSE SLES15: ruby2.5-rubygem-rack / ruby2.5-rubygem-rack-doc / etc (SUSE-SU-2022:3347-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3347-1 advisory. - CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names...

8.6CVSS6.7AI score0.03593EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/09/16 6:48 p.m.90 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.6AI score0.00775EPSS
Exploits0References7Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/08/20 11:11 a.m.100 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Description Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to ...

5CVSS6.5AI score0.05029EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/08/20 11:11 a.m.40 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.7AI score0.00775EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/07/01 11:3 a.m.3 views

OESA-2022-1729 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

10CVSS7.1AI score0.02938EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2020-0306)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.02938EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/09 6:40 p.m.6 views

php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5.3CVSS6.8AI score0.05029EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.38 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14516-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14516-1 advisory. - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names...

7.5CVSS7AI score0.05029EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
OpenVAS
OpenVAS
added 2021/04/07 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-4561-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS6.9AI score0.03593EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/04/06 11:13 a.m.122 views

USN-4561-2: Rack vulnerabilities

USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive...

8.6CVSS7.1AI score0.03593EPSS
Exploits1
Rows per page
Query Builder