17 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)
The remote host is missing an update for the Huawei EulerOS...
Debian DLA-1490-1 : php5 security update
Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-bas...
Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)
Summary: IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery (SSRF) attack...
Debian: Security Advisory (DLA-875-1)
The remote host is missing an update for the Debian...
SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1709-1)
This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module (bsc#1044976). The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Note that...
SUSE-SU-2017:1709-1 Security update for php53
This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module (bsc#1044976). The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available...
PHP 7.x < 7.0.18, 7.1.x < 7.1.4 SSRF Security Bypass Vulnerability - Windows
PHP is prone to a security bypass vulnerability.
PHP Server Side Request Forgery Security Bypass Vulnerability(CVE-2017-7272)
For historical reasons, fsockopen() accepts the port and hostname separately: fsockopen('127.0.0.1', 80). However, with the introduction of stream transports in PHP 4.3, it became possible to include the port in the hostname specifier: fsockopen('127.0.0.1:80'). Or more formally:...
PHP 7.1.2 fsockopen Misbehavior
SEC Consult Vulnerability Lab Security Advisory. title: Misbehavior of the "fsockopen" function product: PHP vulnerable version: 7.1.2 fixed version: CVE number: CVE-2017-7272 impact: Medium homepage: http://www.php.net/ found...
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...
Debian DLA-875-1 : php5 security update
Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attacke...
[SECURITY] [DLA 875-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u8 CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272 Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and...
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...
CVE-2017-7272
CVE-2017-7272 : PHP up to versions 7.1.11 is vulnerable to SSRF when apps accept an fsockopen/pfsockopen hostname with a constrained port. The issue arises because a trailing ":port" in the hostname is parsed as the port, causing fsockopen to use the port from the hostname instead of the second a...