
17 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 19 views

Linux Distros Unpatched Vulnerability : CVE-2017-7272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is...

7.4 CVSS, 7.4 AI score, 0.03514 EPSS
Exploits 2, References 3
OpenVAS
added 2020/04/30 12:0 a.m., 61 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 8.9 AI score, 0.26373 EPSS
Exploits 8, References 2
OpenVAS
added 2020/04/01 12:0 a.m., 47 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7.1 AI score, 0.08818 EPSS
Exploits 7, References 2
OpenVAS
added 2020/02/25 12:0 a.m., 51 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7.1 AI score, 0.08818 EPSS
Exploits 7, References 2
Tenable Nessus
added 2018/09/04 12:0 a.m., 58 views

Debian DLA-1490-1 : php5 security update

Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-bas...

7.5 CVSS, 6.5 AI score, 0.08975 EPSS
Exploits 1, References 4
IBM Security Bulletins
added 2018/06/15 7:9 a.m., 45 views

Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)

Summary: IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery (SSRF) attack...

7.4 CVSS, 1.3 AI score, 0.03514 EPSS
Exploits 2, Affected Software 1
OpenVAS
added 2018/01/11 12:0 a.m., 53 views

Debian: Security Advisory (DLA-875-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 8 AI score, 0.42401 EPSS
Exploits 4, References 3
Tenable Nessus
added 2017/06/29 12:0 a.m., 59 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1709-1)

This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. (bsc#1044976) The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Note that...

7.4 CVSS, 7.3 AI score, 0.03514 EPSS
Exploits 2, References 5
OSV
added 2017/06/28 12:43 p.m., 14 views

SUSE-SU-2017:1709-1 Security update for php53

This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. (bsc#1044976) The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available...

7.4 CVSS, 7.8 AI score, 0.03514 EPSS
Exploits 2, References 4
OpenVAS
added 2017/04/18 12:0 a.m., 62 views

PHP 7.x < 7.0.18, 7.1.x < 7.1.4 SSRF Security Bypass Vulnerability - Windows

PHP is prone to a security bypass vulnerability...

7.4 CVSS, 7.6 AI score, 0.03514 EPSS
Exploits 2, References 3
seebug.org
added 2017/04/06 12:0 a.m., 94 views

PHP Server Side Request Forgery Security Bypass Vulnerability(CVE-2017-7272)

For historical reasons, fsockopen accepts the port and hostname separately: fsockopen('127.0.0.1', 80) However, with the introduction of stream transports in PHP 4.3, it became possible to include the port in the hostname specifier: fsockopen('127.0.0.1:80') Or more formally:...

5.8 CVSS, 7.8 AI score, 0.03514 EPSS
Exploits 2
Packet Storm
added 2017/04/03 12:0 a.m., 248 views

PHP 7.1.2 fsockopen Misbehavior

SEC Consult Vulnerability Lab Security Advisory
title: Misbehavior of the "fsockopen" function
product: PHP
vulnerable version: 7.1.2
fixed version:
CVE number: CVE-2017-7272
impact: Medium
homepage: http://www.php.net/
found...

5.8 CVSS, 0.03514 EPSS
Exploits 2
RedhatCVE
added 2017/03/31 9:48 a.m., 54 views

CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

7.4 CVSS, 1.1 AI score, 0.03514 EPSS
Exploits 2, References 1
Tenable Nessus
added 2017/03/28 12:0 a.m., 92 views

Debian DLA-875-1 : php5 security update

Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attacke...

9.8 CVSS, 8.8 AI score, 0.42401 EPSS
Exploits 5, References 5
Debian
added 2017/03/27 11:5 p.m., 63 views

[SECURITY] [DLA 875-1] php5 security update

Package: php5
Version: 5.4.45-0+deb7u8
CVE ID: CVE-2016-7478 CVE-2016-7479 CVE-2017-7272
Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and...

9.8 CVSS, 9.1 AI score, 0.42401 EPSS
Exploits 5
OSV
added 2017/03/27 5:59 p.m., 38 views

CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

7.4 CVSS, 6.7 AI score
Exploits 0, References 7
CVE
added 2017/03/27 5:0 p.m., 311 views

CVE-2017-7272

CVE-2017-7272 : PHP up to versions 7.1.11 is vulnerable to SSRF when apps accept an fsockopen/pfsockopen hostname with a constrained port. The issue arises because a trailing ":port" in the hostname is parsed as the port, causing fsockopen to use the port from the hostname instead of the second a...

7.4 CVSS, 7.4 AI score, 0.03514 EPSS
Exploits 2, References 7, Affected Software 1