5 matches found
BIT-LIBPHP-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
CLSA-2025-1738691753 php: Fix of 2 CVEs
CVE-2024-2756: fix Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix...
RockyLinux 8 : php:8.2 (RLSA-2024:10951)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10951 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...
Moderate: Red Hat Security Advisory: php:8.2 security update
An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CLSA-2024-1714728164 Fix CVE(s): CVE-2022-31629, CVE-2024-2756
SECURITY UPDATE: possible insecure cookie abuse - debian/patches/php-7.3-CVE-2024-2756.patch: fix Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix - CVE-2024-2756...