Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2017-7189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were...

7.5CVSS7.5AI score0.02492EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.47 views

RHEL 7 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - oniguruma: Use-after-free in onignewdeluxe in regext.c CVE-2019-13224 - main/streams/xpsocket.c in PHP 7....

9.8CVSS7.8AI score0.08888EPSS
Exploits17References20
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.34 views

RHEL 8 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Out of bounds access in phppcre.c:phppcrereplaceimpl CVE-2017-9118 - php: 1-byte array overrun in...

8.1CVSS8AI score0.05719EPSS
Exploits6References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:48 a.m.6 views

SUSE CVE-2017-7189

main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...

7.5CVSS7AI score0.02492EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/08/17 12:0 a.m.18 views

PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Windows

PHP is improperly validating input from untrusted input. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

7.5CVSS7.8AI score0.02492EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/08/17 12:0 a.m.21 views

PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Linux

PHP is improperly validating input from untrusted input. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

7.5CVSS7.8AI score0.02492EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/04/30 12:0 a.m.61 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.9AI score0.26373EPSS
Exploits8References2
UbuntuCve
UbuntuCve
added 2019/07/10 3:15 p.m.55 views

CVE-2017-7189

main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...

7.5CVSS7.1AI score0.02492EPSS
Exploits0References1
CVE
CVE
added 2019/07/10 2:41 p.m.157 views

CVE-2017-7189

CVE-2017-7189 affects PHP 7.x prior to 2017-03-07: main/streams/xp_socket.c misparses fsockopen calls (e.g., fsockopen('127.0.0.1:80', 443) can be treated as 127.0.0.1:80:443 then truncated to 127.0.0.1:80). The hostname input from untrusted sources may enable a security policy bypass when a hard...

7.5CVSS7.3AI score0.02492EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2019/07/10 2:41 p.m.25 views

CVE-2017-7189

Removed by vendor...

7.5CVSS7.8AI score0.02492EPSS
Exploits0
Hacker One
Hacker One
added 2018/01/17 5:30 p.m.39 views

Internet Bug Bounty: Inappropriate URL parsing may cause security risk!

Description ----- The behaviors in parseurl and httpwrap/cURL are different Original bug report ----- - https://bugs.php.net/bug.php?id=74192 Note ----- - CVE-2017-7189 assigned Thanks : Impact SSRF...

5CVSS7.5AI score0.02492EPSS
Exploits0
Rows per page
Query Builder