11 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were...
RHEL 7 : php (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224) - main/streams/xp_socket.c in PHP 7....
RHEL 8 : php (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Out of bounds access in php_pcre.c:php_pcre_replace_impl() (CVE-2017-9118) - php: 1-byte array overrun in...
SUSE CVE-2017-7189
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...
PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Windows
PHP is improperly validating input from untrusted input. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Linux
PHP is improperly validating input from untrusted input. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2017-7189
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...
CVE-2017-7189
CVE-2017-7189 affects PHP 7.x prior to 2017-03-07: main/streams/xp_socket.c misparses fsockopen calls (e.g., fsockopen('127.0.0.1:80', 443) can be treated as 127.0.0.1:80:443 then truncated to 127.0.0.1:80). The hostname input from untrusted sources may enable a security policy bypass when a hard...
CVE-2017-7189
Removed by vendor...
Internet Bug Bounty: Inappropriate URL parsing may cause security risk!
Description: The behaviors in parse_url and httpwrap/cURL are different. Original bug report: https://bugs.php.net/bug.php?id=74192 Note: CVE-2017-7189 assigned. Thanks : Impact: SSRF...