Lucene search
+L

30 matches found

prion
prion
added 2022/09/06 7:15 p.m.465 views

Design/Logic Flaw

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

5CVSS4.9AI score0.00804EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/09/06 7:15 p.m.4 views

UBUNTU-CVE-2022-36032

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

5.3CVSS6AI score0.00804EPSS
Exploits0References6
osv
osv
added 2022/09/06 6:20 p.m.167 views

CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

5.3CVSS5.2AI score0.00804EPSS
Exploits0References6
cvelist
cvelist
added 2022/09/06 6:20 p.m.30 views

CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

5.3CVSS6AI score0.00804EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2022/09/06 6:20 p.m.8 views

CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

5.3CVSS5AI score0.00804EPSS
Exploits0References4
cve
cve
added 2022/09/06 6:20 p.m.103 views

CVE-2022-36032

CVE-2022-36032 affects ReactPHP HTTP server component versions 0.7.0 up to, but not including, 1.7.0. When processing incoming HTTP cookie values, cookie names are url-decoded, which can cause cookies with prefixes like __Host- and __Secure- to be confounded with decodings of other cookies. This ...

5.3CVSS5.3AI score0.00804EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2022/09/06 12:0 a.m.8 views

PT-2022-23130 · Unknown · Reactphp Http

Name of the Vulnerable Software and Affected Versions: ReactPHP HTTP versions 0.7.0 through 1.7.0 Description: The issue arises when ReactPHP's HTTP server component processes incoming HTTP cookie values, url-decoding the cookie names. This can lead to confusion between cookies with prefixes like...

5.3CVSS5AI score0.00804EPSS
Exploits0References13
friendsofphp
friendsofphp
added 2022/08/20 11:11 a.m.104 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Description Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to ...

5CVSS6.5AI score0.05029EPSS
Exploits2Affected Software1
friendsofphp
friendsofphp
added 2022/08/20 11:11 a.m.41 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.7AI score0.00804EPSS
Exploits0Affected Software1
n0where
n0where
added 2017/01/10 2:34 a.m.146 views

Damn Vulnerable Web Sockets: DVWS

Damn Vulnerable Web Sockets Damn Vulnerable Web Sockets DVWS is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA . You will find more vulnerabilities than the ones listed in the application. Requirements In the...

1.1AI score
Exploits0References3
Rows per page
Query Builder